On Mon, Jan 30, 2012 at 8:17 AM, Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote: > With this set, a lot of dangerous operations (chroot, unshare, etc) > become a lot less dangerous because there is no possibility of > subverting privileged binaries. > > This patch completely breaks apparmor. Someone who understands (and > uses) apparmor should fix it or at least give me a hint. > > Signed-off-by: Andy Lutomirski <luto@xxxxxxxxxxxxxx> Looking forward to this -- it'll give us a lot more flexibility. Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx> -- Kees Cook ChromeOS Security -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
