-
Tyler Hicks authored
https://launchpad.net/bugs/1584069 This patch allows policy authors to specify how exec transitions should be handled with respect to setting AT_SECURE in the new process' auxiliary vector and, ultimately, having libc scrub (or not scrub) the environment. An exec mode of 'safe' means that the environment will be scrubbed and this is the default in kernels that support AppArmor profile stacking. An exec mode of 'unsafe' means that the environment will not be scrubbed and this is the default and only supported change_profile exec mode in kernels that do not support AppArmor profile stacking. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: John Johansen <john.johansen@canonical.com>
0c4c9755