On Fri, Apr 29, 2016 at 12:30 PM, Steve Grubb <sgrubb(a)redhat.com> wrote:
On Friday, April 29, 2016 07:07:06 PM Vincas Dargis wrote:
> 2016.04.29 16:39, Steve Grubb rašė:
> > You'll have to ask the AppArmor folks. I gave them a whole block of
> > numbers to use for their own purposes so that we don't have any problems.
> > If they instead create malformed SE Linux events, then things will never
> > work right unless they patch them.
>
> Thank you for explanation, Steve. I'll bring this topic for them instead.
Just to clarify, its not like I don't want this to work. I do. The intention
of giving app armor its own block was that things its doing might not be a
100% fit for what SE Linux does. This was to give them the freedom to do their
own thing. If they chose not to use the block and instead try to shoe-horn
their events into a pre-existing one, there needs to be some discussion about
how to make things right.
-Steve
--
Linux-audit mailing list
Linux-audit(a)redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
[NOTE: I'm adding the AppArmor maintainer, John Johansen to this thread]
Hi John,
Heads-up, it looks like there might be some issues with AppArmor and auditing...
--
paul moore
security @ redhat