apparmor: provide base for multiple profiles to be replaced at once
authorJohn Johansen <john.johansen@canonical.com>
Thu, 11 Jul 2013 04:05:43 +0000 (21:05 -0700)
committerJohn Johansen <john.johansen@canonical.com>
Wed, 14 Aug 2013 18:42:06 +0000 (11:42 -0700)
commitdd51c84857630e77c139afe4d9bba65fc051dc3f
tree2dbfb9435feadac6123600aef75004ee2197f6af
parent9d910a3bc01008d432b3bb79a69e7e3cdb4821b2
apparmor: provide base for multiple profiles to be replaced at once

previously profiles had to be loaded one at a time, which could result
in cases where a replacement of a set would partially succeed, and then fail
resulting in inconsistent policy.

Allow multiple profiles to replaced "atomically" so that the replacement
either succeeds or fails for the entire set of profiles.

Signed-off-by: John Johansen <john.johansen@canonical.com>
security/apparmor/apparmorfs.c
security/apparmor/include/policy_unpack.h
security/apparmor/policy.c
security/apparmor/policy_unpack.c