Hello, Am Freitag, 15. Juli 2016, 20:34:47 CEST schrieb Tyler Hicks: > https://launchpad.net/bugs/1584069 > > This patch adds support for the safe and unsafe exec modes for > change_profile rules. The logic is pretty simple at this point because > the kernel's default for exec modes changed in newer versions. > Therefore, this patch simply retains any specified exec mode in > parsed rules. If an exec mode is not specified in a rule, there is no > attempt to force the usage of "safe" because older kernels do not > support it. > > Signed-off-by: Tyler Hicks <tyhi...@canonical.com> > Acked-by: Seth Arnold <seth.arn...@canonical.com> > --- > > * Changes since v1: > - Added Seth's acked-by > - Addressed feedback from Christian > + Embed execmode name in RE_SAFE_OR_UNSAFE > + AppArmorBug() when an invalid execmode is used in a new > ChangeProfileRule() > + Don't use logprof_value_or_all() when setting execmode_txt > + Only return "Exec Mode" element from logprof_header_localvars() > when an execmode is set > + Add invalid execcmode test to InvalidChangeProfileInit() > + Make 'safe' execmode equivalent to '' and None
One soap box race later: Thanks, looks much better :-) Acked-by: Christian Boltz <appar...@cboltz.de> Regards, Christian Boltz -- Sich aktiv an Wikipedia beteiligen habe ich versucht. Es war grausam. Dagegen ist das Heise-Forum ein Streichelzoo. [Charly Kuehnast zu http://vvv.koehntopp.de/wpkris/?p=739032]
signature.asc
Description: This is a digitally signed message part.
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
