[apparmor] new rule qualifier "quiet" or "noaudit"
Vincas Dargis
vindrg at gmail.com
Fri Apr 6 06:44:03 UTC 2018
On 4/3/18 1:48 AM, John Johansen wrote:
> Please vote for
>
> 1) quiet.
>
> quiet w /foo/bar/**,
>
> 2) noaudit
>
> noaudit w /foo/bar/**,
>
> 3) other
>
> please leave your suggestion.
>
+1 for quiet. "quiet" word is already widely used in CLI utilities, so
it's kinda natural fit.
>
> At the same time we should determine how it will be used as a profile
> flag
>
> A) the keyword by it self
>
> profile foo flags=(quiet) { ... }
> profile foo flags=(noaudit) { ... }
>
> B) the keyword as a modifier to the audit flag
>
> profile foo flags=(audit=quiet) { ... }
> profile foo flags=(audit=noaudit) { ... }
>
>
+A) . B) does seem more flexible, future proof? But it's kinda verbose.
And if audit mode is needed, would it be audit=audit? :)
More information about the AppArmor
mailing list