mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-30 05:47:59 +00:00
Code Issues Releases Wiki Activity

Update apparmor_kernel_development_guide

John Johansen 2018-09-29 06:39:54 +00:00
parent c8b6fc86a0
commit e9eda2154f
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
apparmor_kernel_development_guide.md

@ -86,6 +86,10 @@ Except in a few special cases NEVER directly use the cred's label. Doing so coul
Instead use
- task context: begin_label_crit_section/end_label_crit_section
- atomic context: __begin_label_crit_section/__end_label_crit_section
unless you are going to update the task's label. NEVER update the task's label inside of a label_crit_section. Instead
- get a reference count on the task's label
- update the tasks label via updating the cred
- put the reference count when done with the label
A task is the only one that can update its label. So label update is done in hook functions
- the label is checked for staleness (profile has been replaced)