On Wed, Oct 23, 2013 at 08:54:13PM -0500, Serge Hallyn wrote:
Since we check /sys/kernel/security/ files when deciding whether
apparmor is enabled, and that might not be mounted in the container,
we cannot re-make the decision at apparmor_process_label_set() time.
Luckily we don't have to - just cache the decision made at
lsm_apparmor_drv_init().
Signed-off-