List:       apparmor-dev
Subject:    [apparmor] [Bug 881006] [NEW] "skip"/"ignore" option for logprof
From:       Christian Boltz <881006 () bugs ! launchpad ! net>
Date:       2011-10-24 17:58:34
Message-ID: 20111024175834.3010.37783.malonedeb () chaenomeles ! canonical ! com

Public bug reported:

logprof and genprof should have an option to ignore/skip an entry in the
audit.log _without_ adding an allow or deny rule to the profile. The
intention is: it should be possible to postpone the decision about some
permissions.

[19:41] <cboltz> I got a feature request to add a "skip" option to logprof/genprof
[19:41] <cboltz> in case someone wants to ignore a log entry without adding an allow or deny rule
[19:41] <cboltz> what do you think about this?
[19:45] <jjohansen> cboltz: I am not opposed, though that was the primary purpose of deny
[19:45] <cboltz> I could argue that logprof had this feature before deny rules were introduced ;-)
[19:45] <jjohansen> basically it was a way of recording that logprof has seen the event and told to skip it.
[19:46] <cboltz> I know
[19:46] <jjohansen> the problem with skip from a logprof pov is you run it through a log and then it exits, and then you run it again it has forgotten what to skip
[19:47] <cboltz> I know, this is exactly what this user requested ;-)
[19:47] <jjohansen> of course from a genprof pov, skip without adding deny rules makes perfect sense
[19:47] <jjohansen> as you never process the same logs twice
[19:47] <jjohansen> cboltz: so sure we can add it, but it's pretty low priority

** Affects: apparmor
     Importance: Wishlist
         Status: New

** Changed in: apparmor
   Importance: Undecided => Wishlist

-- 
You received this bug notification because you are a member of AppArmor
Developers, which is the registrant for AppArmor.
https://bugs.launchpad.net/bugs/881006

Title:
  "skip"/"ignore" option for logprof and genprof

Status in AppArmor Linux application security framework:
  New
