ask_exec(): no longer skip exec events in hats (!1133) · Merge requests · AppArmor / apparmor

Christian Boltz requested to merge cboltz/apparmor:cboltz-more-x into master Dec 28, 2023

Instead of ignoring all exec events that happen in a hat/child profile, only disallow child exec. ix and px are valid options inside a hat and are now offered to the user.

(When the tools support nested child profiles one day, we can even allow child exec again.)

[This MR is for master only. I opened separate MRs for 3.1 and 3.0]

Edited Dec 28, 2023 by Christian Boltz

ask_exec(): no longer skip exec events in hats

Merge request reports