apparmor: virtualize the policy/ directory
virtualize the apparmor policy/ directory so that the current namespace
affects what part of policy is seen. This is done by
* creating a new apparmorfs filesystem
* creating a magic symlink from securityfs to the correct apparmorfs
file in the tree (similar to nsfs use).
apparmor fs data and fns also get renamed some to help indicate where
they are used
aafs - special magic apparmorfs
aa_sfs - for fns/data that go into securityfs
aa_fs - for fns/data that may be used in the either of aafs or securityfs
Signed-off-by: John Johansen <john.johansen@canonical.com>
Reviewed-by: Seth Arnold <seth.arnold@canonical.com>
10 files changed