[Apparmor-dev] Re: repost of network toggle patches for the tools and bug fixes for repo

jesse michael jmichael at suse.de
Wed Jul 25 12:36:57 MDT 2007


On Wed, Jul 25, 2007 at 11:30:41AM -0700, Seth Arnold wrote:
> On Tue, Jul 24, 2007 at 03:24:12PM -0600, Dominic Reynolds wrote:
> > +    # "w" implies "a"
> > +    delete $seen{a} if ($seen{w} && $seen{a});
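
Review bot: the `&& $seen{a}` half of the condition on the `delete` line is redundant, because Perl's `delete` on a hash key that does not exist is a no-op. `delete $seen{a} if $seen{w};` behaves the same and reads more directly. The comment above it could also say that "a" is dropped so only "w" is written, since `"w" implies "a"` alone does not say which of the two is kept.
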
> 
> Do the lines above make sure that 'wa' won't be written to profiles,
> because of the following lines?

That makes sure that when combining an existing mode that contains "a"
with a requested "w" permission, we write only "w" instead of "aw".
 
> > +    # "w" implies "a"
> > +    $h{a}++ if $h{w};
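
Review bot: the comment `# "w" implies "a"` is word-for-word the one used on the `delete $seen{a}` hunk, yet this line does the opposite and adds "a" to `%h`. The comment should say what the added "a" is for, so the two hunks are not read as contradictory. Since `$h{a}` is set as a flag, `$h{a} = 1 if $h{w};` would also state the intent more plainly than `++`, which increments the value again when "a" is already present.
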
> 
> Thanks

This one is only used in the matching lookup so that if we have a profile
with an existing "w" permission, any log events with a requested "a"
permission will be satisfied.



