[Apparmor-dev] [rfr] apparmor_status: report more detailed information
Mathias Gug
mathiaz at ubuntu.com
Wed May 30 17:23:54 MDT 2007
Hi,
I've attached a new diff.
On Wed, May 30, 2007 at 03:26:35PM -0700, Steve Beattie wrote:
> > + if ($file =~ m/^\d+/ && grep(abs_path("/proc/$file/exe") eq $_ , keys(%profiles))) {
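Review bot: in the added condition, the pid test m/^\d+/ is anchored only at the start, so any /proc entry whose name merely begins with a digit passes; m/^\d+$/ states the intent. The grep also re-evaluates abs_path("/proc/$file/exe") once for every key of %profiles; resolving the path once into a variable and testing exists $profiles{$exe} gives the same answer with a single hash lookup.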
>
> Unfortunately, this skips processes that have inherited a policy from
> another process; this is especially common in shell scripts.
>
As you suggested, I've moved the grep into the else clause inside the
/proc/pid/attr/current file.
> I think it's worthwhile to keep the newlines in the above, for human
> readers.
>
Done.
> Would you mind upping the indentation to 2 spaces or more just to make visually
> identifying the section headers a little more distinct?
Done.
> In our LKML submission we've switched to the keyword 'unconfined',
> as it is the term we use when discussing processes that don't have an
> apparmor policy defined. It'd be ideal if apparmor_status could work on
> both old code and new.
Done.
--
Mathias
-------------- next part --------------
A non-text attachment was scrubbed...
Name: apparmor_status-3.diff
Type: text/x-diff
Size: 5544 bytes
Desc: not available
Url : http://forge.novell.com/pipermail/apparmor-dev/attachments/20070530/58487168/apparmor_status-3.bin