apparmor: cache the are-we-enabled decision
Since we check /sys/kernel/security/ files when deciding whether
apparmor is enabled, and that might not be mounted in the container,
we cannot re-make the decision at apparmor_process_label_set() time.
Luckily we don't have to - just cache the decision made at
lsm_apparmor_drv_init().
Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by:
Stéphane Graber <stgraber@ubuntu.com>
Showing
Please
register
or
sign in
to comment