GitHub-Mirror/linux-bl808
2
0
Fork 0
mirror of https://github.com/Fishwaldo/linux-bl808.git synced 2025-06-17 20:25:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

apparmor: add policy revision file interface

Browse source 
Add a policy revision file to find the current revision of a ns's policy.
There is a revision file per ns, as well as a virtualized global revision
file in the base apparmor fs directory. The global revision file when
opened will provide the revision of the opening task namespace.

The revision file can be waited on via select/poll to detect apparmor
policy changes from the last read revision of the opened file. This
means that the revision file must be read after the select/poll other
wise update data will remain ready for reading.

Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
John Johansen 2017-05-26 16:27:58 -07:00
parent 18e99f191a
commit d9bf2c268b
4 changed files with 116 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

1
security/apparmor/include/policy_ns.h
View file

@ -69,6 +69,7 @@ struct aa_ns {
long uniq_id;
int level;
long revision;
wait_queue_head_t wait;
struct list_head rawdata_list;