[PATCH] userspace: audit: ausearch doesn't return entries for AppArmor events that exist in the log
Paul Moore
pmoore at redhat.com
Mon May 2 21:18:11 UTC 2016
On Fri, Apr 29, 2016 at 12:30 PM, Steve Grubb <sgrubb at redhat.com> wrote:
> On Friday, April 29, 2016 07:07:06 PM Vincas Dargis wrote:
>> 2016.04.29 16:39, Steve Grubb rašė:
>> > You'll have to ask the AppArmor folks. I gave them a whole block of
>> > numbers to use for their own purposes so that we don't have any problems.
>> > If they instead create malformed SE Linux events, then things will never
>> > work right unless they patch them.
>>
>> Thank you for explanation, Steve. I'll bring this topic for them instead.
>
> Just to clarify, its not like I don't want this to work. I do. The intention
> of giving app armor its own block was that things its doing might not be a
> 100% fit for what SE Linux does. This was to give them the freedom to do their
> own thing. If they chose not to use the block and instead try to shoe-horn
> their events into a pre-existing one, there needs to be some discussion about
> how to make things right.
>
> -Steve
>
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
[NOTE: I'm adding the AppArmor maintainer, John Johansen to this thread]
Hi John,
Heads-up, it looks like there might be some issues with AppArmor and auditing...
--
paul moore
security @ redhat
More information about the Linux-audit
mailing list