[apparmor] GSoC review r48..51
Steve Beattie
steve at nxnw.org
Thu Aug 22 21:10:57 UTC 2013
On Thu, Aug 22, 2013 at 01:43:46PM -0700, Tyler Hicks wrote:
> On 2013-08-22 22:19:59, Christian Boltz wrote:
> > aa-genprof.py has:
> >
> > if os.path.exists('/var/log/audit/audit.log'):
> > syslog = False
> >
> > I'm not sure if "audit.log exists" is the best way to choose the logfile
> > but I have to admit that I don't have a better method ;-)
> >
> > Does someone have any better ideas? Or is the current way ok?
>
> I think the current way is sufficient.
>
> One other thing to keep in mind is that denials will be split across
> syslog and the audit log in the future. As userspace programs (such as
> dbus, display servers, etc.) are making security decisions based upon
> AppArmor policy, they'll also be auditing those decisions.
The current way is not sufficient, for exactly the reason you
outlined. That is, we need the genprof utilities to examine all the
relevant logs, not just pick one of them, in particular as session
dbus mediation starts to occur.
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130822/ca27d939/attachment.pgp>
More information about the AppArmor
mailing list