Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching

From: Seth Arnold
Date: Fri Jun 15 2007 - 20:07:29 EST

On Sat, Jun 16, 2007 at 01:39:14AM +0200, Pavel Machek wrote:
> > Pavel, please focus on the current AppArmor implementation. You're
> > remembering a flaw with a previous version of AppArmor. The pathnames
> > constructed with the current version of AppArmor are consistent and
> > correct.
> Ok, I did not know that this got fixed.
> How do you do that? Hold a lock preventing renames for a whole time
> you walk from file to the root of filesystem?

We've improved d_path() to remove many of its previous shortcomings:


Attachment: pgp00000.pgp
Description: PGP signature