subject:"\[PATCH 3\/3\] apparmor\: virtualize the policy\/ directory"

Re: [PATCH 3/3] apparmor: virtualize the policy/ directory

2017-05-24 Thread John Johansen

On 05/24/2017 12:38 PM, Kees Cook wrote: > On Wed, May 10, 2017 at 7:46 PM, John Johansen > wrote: >> virtualize the apparmor policy/ directory so that the current namespace >> affects what part of policy is seen. This is done by >> >> * creating a new apparmorfs filesystem >> * creating a magic

Re: [PATCH 3/3] apparmor: virtualize the policy/ directory

2017-05-24 Thread Kees Cook

On Wed, May 10, 2017 at 7:46 PM, John Johansen wrote: > virtualize the apparmor policy/ directory so that the current namespace > affects what part of policy is seen. This is done by > > * creating a new apparmorfs filesystem > * creating a magic symlink from securityfs to the correct apparmorfs

[PATCH 3/3] apparmor: virtualize the policy/ directory

2017-05-10 Thread John Johansen

virtualize the apparmor policy/ directory so that the current namespace affects what part of policy is seen. This is done by * creating a new apparmorfs filesystem * creating a magic symlink from securityfs to the correct apparmorfs file in the tree (similar to nsfs use). apparmor fs data an