Ooh, unload when refcount hits zero makes much more sense to me.

------Original Message------
From: John Johansen
To: Seth Arnold
Cc: Steve Beattie
Cc: [email protected]
Subject: Re: [apparmor] [PATCH 1/3] Add the aa-exec command line utility
Sent: Jan 12, 2012 3:02 AM

On 01/12/2012 11:54 AM, Seth Arnold wrote:
> Sorry for rubbish blackberry quoting...
>
> I don't think -F should unload when finished -- during execution the profile
> might be updated or removed via another mechanism, it might be used to
> confine other running processes, or the command might start a daemon which
> does the usual double-fork routine.
>
> If you want the feature (I can almost see it..) then please do so through yet
> another command line option.
>

Yeah, I don't think auto remove belongs at this level; in fact I am not even sure -f belongs here.

What I would like to get to for auto remove is a flag on the profile that causes it to be unloaded when it's no longer in use. This would avoid all the potential problems Seth brought up.
