24 Sep 2021, 19:46
On 24.09.2021 16:28, Michal Suchánek wrote:
The negative is mostly that extra exec() overhead (and if you ever find it's significantly more in some scenario, it's a bug :). Another issue is it's not immediately clear *what* you are running since execution depends on the argv[0] and config file and not target binary of a symlink. This is an issue with things like AppArmor.
How is it a problem with AppArmor?
If it limits exec() it will just happen one step later when libalternative does it.
Or am I missing something?
AppArmor needs to allow every possible alternative binary instead of just one canonical path.