From 473db4d699bf97a13b2ef828e98ef4ac30e17703 Mon Sep 17 00:00:00 2001 From: John Johansen Date: Sat, 28 Jul 2018 02:17:53 +0000 Subject: [PATCH] Update Apparmorearlypolicy --- Apparmorearlypolicy.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/Apparmorearlypolicy.md b/Apparmorearlypolicy.md index c591879..4453e50 100644 --- a/Apparmorearlypolicy.md +++ b/Apparmorearlypolicy.md @@ -9,6 +9,18 @@ = Introduction = -initrd +initrd - allow setting profiles on init system and early processes + alternative early policy system +- less rigorous but often sufficient +- easier to update policy +- early processes start unconfined +- replace early default profile with new profile shared by all tasks in the default profile +- requires init system to load policy early, should be before compilation and text policy are available + +default profile + +first load replace default profile, with new profile, all tasks confined by default confined by the new profile + +
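Review bot: The last added line, "first load replace default profile, with new profile, all tasks confined by default confined by the new profile", repeats "confined by" and does not say which state early tasks are in before that first load, which appears to conflict with the earlier bullet "early processes start unconfined". Suggest rewording it along the lines of "on first policy load the default profile is replaced with the new profile; all tasks confined by the default profile become confined by the new profile", and stating explicitly whether early tasks are unconfined or attached to a default profile until then. The bullet "requires init system to load policy early, should be before compilation and text policy are available" is also ambiguous: if the intent is that the init system has to load precompiled policy because the compiler and the text policy are not yet reachable at that point, say so. Finally, "default profile" is added as a bare line while the page's existing heading is written "= Introduction ="; give it the same heading markup, and separate the "initrd" and "alternative early policy system" items consistently so the bullets under each are clearly scoped.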