> + > + /** > + * parent can ptrace child when > + * - parent is unconfined > + * - parent is in complain mode > + * - parent and child are confined by the same profile > + */ Your profiles are name based. That means the same profile in a different namespace does different things. It would be a very odd case where it mattered but surely the parent ptrace child rule should also require that the parent and child are in the same namespace when using apparmor name based security. > +static int apparmor_capget(struct task_struct *task, > + kernel_cap_t *effective, > + kernel_cap_t *inheritable, > + kernel_cap_t *permitted) > +{ > + return cap_capget(task, effective, inheritable, permitted); > +} Pointless function should go away. > +static int apparmor_sysctl(struct ctl_table *table, int op) > +{ > + int error = 0; > + > + if ((op & 002) && !capable(CAP_SYS_ADMIN)) > + error = aa_reject_syscall(current, GFP_KERNEL, > + "sysctl (write)"); > + > + return error; The usual file permission security override is DAC not ADMIN. What is the logic of this choice. > +} > + > +static int apparmor_syslog(int type) > +{ > + return cap_syslog(type); > +} More pointless functions to delete. - To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html