[PATCH] userspace: audit: ausearch doesn't return entries for AppArmor events that exist in the log
Steve Grubb
sgrubb at redhat.com
Fri Apr 29 16:30:15 UTC 2016
On Friday, April 29, 2016 07:07:06 PM Vincas Dargis wrote:
> 2016.04.29 16:39, Steve Grubb rašė:
> > You'll have to ask the AppArmor folks. I gave them a whole block of
> > numbers to use for their own purposes so that we don't have any problems.
> > If they instead create malformed SE Linux events, then things will never
> > work right unless they patch them.
>
> Thank you for explanation, Steve. I'll bring this topic for them instead.
Just to clarify, its not like I don't want this to work. I do. The intention
of giving app armor its own block was that things its doing might not be a
100% fit for what SE Linux does. This was to give them the freedom to do their
own thing. If they chose not to use the block and instead try to shoe-horn
their events into a pre-existing one, there needs to be some discussion about
how to make things right.
-Steve
More information about the Linux-audit
mailing list