[apparmor] [PATCH RFC] Add profile-based libapparmor query interface
Seth Arnold
seth.arnold at canonical.com
Fri Mar 8 00:26:16 UTC 2013
On Thu, Mar 07, 2013 at 04:17:39PM -0800, Tyler Hicks wrote:
> > Am I just overcomplicating things?
>
> No, it is a potentially valid use case but I'm trying to keep this
> interface simple so that most applications don't have to worry about
> bitwise operations of four permission masks that come from the kernel.
> It seems like overkill to me in most cases.

Getting the bitfiddling right in one place sounds like a good idea to
me, too :)

> Does the AA kernel code do any type of audit rate limiting like this?

I thought it had some rate limiting in place, but now all I see is some
debugging code:

    #define AA_DEBUG(fmt, args...) \
        do { \
            if (aa_g_debug && printk_ratelimit()) \
                printk(KERN_DEBUG "AppArmor: " fmt, ##args); \
        } while (0)

    #define AA_ERROR(fmt, args...) \
        do { \
            if (printk_ratelimit()) \
                printk(KERN_ERR "AppArmor: " fmt, ##args); \
        } while (0)

Maybe I was thinking of the rsyslog-based rate-limiting.
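
Both macros above gate on the same printk_ratelimit() call, which in the kernel keeps one rate-limit state shared by all callers. The following userspace model of such an interval/burst gate is an added example, not part of the original message or the kernel source; the struct, the function names and the 5 second / 10 message values are assumptions for this sketch. It shows an error message being dropped because earlier debug output already used up the shared budget.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model; names and the 5 s / 10 message values are assumptions. */
struct rl_state {
    long interval; /* window length in seconds */
    int burst;     /* messages allowed per window */
    int printed;   /* messages passed in the current window */
    int missed;    /* messages dropped in the current window */
    long begin;    /* start time of the current window */
    bool started;
};

/* Returns true if a message may be logged at time `now`. */
static bool rl_allow(struct rl_state *rs, long now)
{
    if (!rs->started || now - rs->begin > rs->interval) {
        rs->begin = now; /* open a new window and reset the counters */
        rs->printed = 0;
        rs->missed = 0;
        rs->started = true;
    }
    if (rs->printed < rs->burst) {
        rs->printed++;
        return true;
    }
    rs->missed++; /* over budget: this message is lost */
    return false;
}

/* Constructed workload: n log attempts at second t; returns how many pass. */
static int rl_flood(struct rl_state *rs, long t, int n)
{
    int passed = 0;
    for (int i = 0; i < n; i++)
        passed += rl_allow(rs, t) ? 1 : 0;
    return passed;
}

int main(void)
{
    struct rl_state shared = { .interval = 5, .burst = 10 };
    int dbg = rl_flood(&shared, 0, 100); /* debug-style chatter */
    bool err = rl_allow(&shared, 1);     /* one error right after it */
    printf("debug logged %d/100, error logged: %s, dropped so far: %d\n",
           dbg, err ? "yes" : "no", shared.missed);
    printf("error at t=6 logged: %s\n", rl_allow(&shared, 6) ? "yes" : "no");
    return 0;
}
```

A gate of this kind bounds log volume but gives no guarantee that any particular message is recorded, which is why it is not a substitute for audit rate limiting.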