Re: Re: [AppArmor 00/41] AppArmor security module overview

From: Jeff Schroeder
Date: Sun Apr 29 2007 - 15:09:29 EST

From: David Wagner <daw <at>>
David Wagner wrote:


I still think that ptrace() is not the best way to implement this kind
of security tool, and I think it's entirely understandable that they did
not use ptrace. I do not think it is a fair criticism of AppArmor to say
"AppArmor should have used ptrace()".

Take a look at utrace in -mm, it offers a completely backwards compatible
ptrace() syscall implemented as a module ontop of it. utrace looks like the
way things will be going forward

Think of ptrace() implemented using utrace as ptrace that "Sucks Less TM".
Maybe Andy will let utrace out of -mm for 2.6.23.

(please cc: me in any responses)


Jeff Schroeder

Don't drink and derive, alcohol and analysis don't mix.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at