Daniel Richard G.

Hi, I have been working on xrdp and fscrypt independently (on Ubuntu even), and figured I'd take a look at this. It would help if you could check your system...

For what it's worth, point 1 alone would be enough for my usage. I am using the output of goda with an application that normally parses the output of `go...

PR update pushed. A few notes: * `g_set_no_new_privs()` could use some way of checking whether the process is running in a SELinux context (as NoNewPrivileges could interfere with that as...

Some comments re support: * Shipping AppArmor profiles would give distros a clear starting point for customization, and a clear owner/target for upstreaming their changes. I don't think it would...

Fixed a thinko in `sesman/session.c`; should have used `foo != 0` instead of `!foo`. This caused an error message to be logged on success.

Updated the code formatting, used `!= 0` on the `g_strcmp()` call for clarity, and rebased. As I understand it, NNP generally prohibits security transitions on a process because there is...

Re AppArmor support on target platforms: Is a `configure` option really necessary? The AppArmor proc-file check only occurs if `HAVE_SYS_PRCTL_H` and `PR_SET_NO_NEW_PRIVS` are defined; presumably this will only be the...

I think a different approach to handling the "AppArmor support" may be more to your liking. I went the "check the `/proc` file" route because I wanted something that worked...

All right, I think we have a way forward. Please let me know if any of my understanding below is at variance with yours. - I'll remove the AppArmor `/proc`...

@metalefty: Understood; thanks for the heads-up. I'll keep my changes POSIX-only.