On Fri, Apr 6, 2012 at 12:49 PM, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> wrote: > On Thu, 29 Mar 2012 15:01:46 -0500 > Will Drewry <wad@xxxxxxxxxxxx> wrote: > >> From: Andy Lutomirski <luto@xxxxxxxxxxxxxx> >> >> With this set, a lot of dangerous operations (chroot, unshare, etc) >> become a lot less dangerous because there is no possibility of >> subverting privileged binaries. >> >> This patch completely breaks apparmor. Someone who understands (and >> uses) apparmor should fix it or at least give me a hint. > > So [patch 2/15] fixes all this up? > > I guess we should join the two patches into one, to avoid a silly > breakage window. That means that John loses a brownie point, but we > can mention him in the changelog, include his signed-off-by: Or just fix the commit message. It no longer completely breaks AppArmor. It just causes execve to fail when PR_SET_NO_NEW_PRIVS is set and AppArmor is in use. --Andy -- To unsubscribe from this list: send the line "unsubscribe linux-arch" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
