From: Eric Paris
To: John Johansen
Cc: linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org
Subject: Re: [PATCH 04/13] AppArmor: core policy routines
Date: Thu, 15 Jul 2010 11:33:07 -0400
In-Reply-To: <1279154621-25868-5-git-send-email-john.johansen@canonical.com>
References: <1279154621-25868-1-git-send-email-john.johansen@canonical.com> <1279154621-25868-5-git-send-email-john.johansen@canonical.com>

On Wed, Jul 14, 2010 at 8:43 PM, John Johansen wrote:
> The basic routines and defines for AppArmor policy.  AppArmor policy
> is defined by a few basic components.
>      profiles - the basic unit of confinement contain all the information
>                 to enforce policy on a task
>
>                 Profiles tend to be named after an executable that they
>                 will attach to but this is not required.
>      namespaces - a container for a set of profiles that will be used
>                 during attachment and transitions between profiles.
>      sids - which provide a unique id for each profile
>
> Signed-off-by: John Johansen
> ---
> + ? ? ? PFLAG_MMAP_MIN_ADDR = 0x80, ? ? /* profile controls mmap_min_addr */

You don't actually support this per "domain" mmap_min_addr and I'm not
sure how you ever can (given the nature of round_hint_to_min()) so
maybe you should rip it all out rather than having the half
implemented stuff in patches 4 and 6?
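
Review bot: the comment on the quoted PFLAG_MMAP_MIN_ADDR = 0x80 line, "profile controls mmap_min_addr", does not say what a profile with this flag set is permitted to do: raise the minimum mapping address, lower it, or replace the system-wide value. Because mmap_min_addr is the limit that keeps low addresses from being mapped, the intended semantics should be documented next to the flag, and the flag should only be defined in the same patch as the code that enforces it, so the flags enum never advertises a control the module does not apply.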