Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching

From: Seth Arnold
Date: Fri Jun 15 2007 - 20:07:29 EST

Next message: Carlo Wood: "My kernel hangs again: Help with git please"
Previous message: Pavel Machek: "Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching"
In reply to: Pavel Machek: "Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching"
Next in thread: Stephen Smalley: "Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation,pathname matching"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Jun 16, 2007 at 01:39:14AM +0200, Pavel Machek wrote:
> > Pavel, please focus on the current AppArmor implementation. You're
> > remembering a flaw with a previous version of AppArmor. The pathnames
> > constructed with the current version of AppArmor are consistent and
> > correct.
>
> Ok, I did not know that this got fixed.
>
> How do you do that? Hold a lock preventing renames for a whole time
> you walk from file to the root of filesystem?

We've improved d_path() to remove many of its previous shortcomings:

eb3dfb0cb1f4a44e2d0553f89514ce9f2a9fcaf1

Attachment: pgp00000.pgp
Description: PGP signature

Next message: Carlo Wood: "My kernel hangs again: Help with git please"
Previous message: Pavel Machek: "Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching"
In reply to: Pavel Machek: "Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching"
Next in thread: Stephen Smalley: "Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation,pathname matching"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]