On 01/23/2014 02:45 AM, Steve Beattie wrote: > This patch converts the request entry point from using multiple (if > necessary) aa_change_hat() calls into a single aa_change_hatv() call, > simplifying the code a bit, requiring fewer round trips between > mod_apparmor and the kernel for each request, as well as providing more > information when the apache profile is in complain mode. > > Patch history: > v1: initial version > v2: - the server config (scfg) code accidentally re-added the > directory config (dcfg) hat to the vector of hats, fix that > - actually add the DEFAULT_URI hat to the vector of hats, instead > of only logging that that is happening. > - pass errno to ap_log_rerror() if aa_change_hatv() call fails. > - don't call aa_change_hat again if aa_change_hatv() call fails, > as this is no longer necessary. > > Signed-off-by: Steve Beattie <st...@nxnw.org>
So with the aa_change_hat format string bug fixed in another one of your patches do you think its worth converting the aa_change_hat(NULL, token); calls to aa_change_hatv(NULL, token); ? This should allow this module to be run with older version of the library installed. Of course with the use of aa_getcon that will require at least a 2.8 install. other wise it looks good Acked-by: John Johansen <john.johan...@canonical.com> -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
