apparmor: add custom apparmorfs that will be used by policy namespace files
AppArmor policy needs to be able to be resolved based on the policy namespace a task is confined by. Add a base apparmorfs filesystem that (like nsfs) will exist as a kern mount and be accessed via jump_link through a securityfs file. Setup the base apparmorfs fns and data, but don't use it yet. Signed-off-by: NJohn Johansen <john.johansen@canonical.com> Reviewed-by: NSeth Arnold <seth.arnold@canonical.com> Reviewed-by: NKees Cook <keescook@chromium.org>
Showing
想要评论请 注册 或 登录