[Apparmor-dev] [RFR] patch to add checking for newer profile on exec transition
Dominic Reynolds
dominic at mercenarylinux.com
Fri Oct 19 15:39:58 MDT 2007
Attached patch extends the patch posted by Jesse
(http://marc.info/?l=apparmor-dev&m=119084823931563&w=2) and adds code along
the lines that Jesse suggests in the email to make sure that we don't recheck
the repo for a newer version if the profile now satisfies the exec/hat log
entry being processed.

This patch addresses the bug:
https://bugzilla.novell.com/show_bug.cgi?id=328707

The net result repo interaction is that we will check for a new profile when:
- processing an unknown hat/execute rejection if it's not already in the
  profile
- at the start of processing all the remaining events for the profile

There is a window between checking for execs/hats in which the profile could be
updated (so presenting the same problem of a new profile overwriting user
selections for exec/hats) - however this window is small and the user can
view the changes before updating the profile.

-dom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: repo-update-check.diff
Type: text/x-patch
Size: 4351 bytes
Desc: not available
Url : http://forge.novell.com/pipermail/apparmor-dev/attachments/20071019/df80e778/repo-update-check.bin