On 06/24/2011 08:51 AM, Jamie Strandboge wrote:
This patch addresses the change by making GenLabel() load the AppArmor profile into the kernel after the label (profile name) is generated. SetAllLabel() is then adjusted to only reload_profile() and append stdin_fn to the profile when it is specified. This also makes the AppArmor driver work like its SELinux counterpart with regard to SetAllLabel() and stdin_fn.
ACK and pushed.
I realized I could simply load the profile in GenLabel() and still use SetAllLabel() to reload the profile when stdin_path was specified. The current fix is implemented wholly within the AppArmor driver and I think much cleaner.
Indeed :) -- Eric Blake eblake@redhat.com +1-801-349-2682 Libvirt virtualization library http://libvirt.org