On Mon, Jun 29, 2015 at 01:23:40AM -0600, John Johansen wrote: > > One of the questions I have is that with rev 3081, the macro definitions > > become part of the library API, which means that it gets harder to > > change them in the future. Are we sure we want that? (We don't have any > > releases out there with them visible in the header yet.) > > > It is already being exposed by the kernel and dbus's use. The other types > can be queried, but there just isn't any library help so you need to know > how to do it/interpret the returned values. > > I am fine with keeping the defines internal to apparmor but how would you > propose we export the different permission information being currently > returned by the kernel.
That's fine, and I recognize the reason we need to expose the permission bits to userspace mediators (so that we can record and inform what permissions are missing in log messages), but we need to recognize that comes at a cost of making harder to change those defines in the future without requiring a libapparmor so version bump. Thanks for digging in to this. -- Steve Beattie <sbeat...@ubuntu.com> http://NxNW.org/~steve/
signature.asc
Description: Digital signature
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
