Re: [RFC][PATCH 5/11] security: AppArmor - Filesystem

[Amy Griffis]

Tony Jones wrote:     [Wed Apr 19 2006, 01:49:46PM EDT]
> This patch implements the AppArmor file structure underneath securityfs.
> Securityfs is normally mounted as /sys/kernel/security
> 
> The following files are created under /sys/kernel/security/apparmor
> 	control
> 		audit	   - Controls the global setting for auditing all
> 			     accesses.
> 		complain   - Controls the global setting for learning mode
> 			     (usually this is set per profile rather than
> 			     globally)
> 		debug	   - Controls whether debugging is enabled.
> 			     This needs to be made more fine grained
> 		logsyscall - Controls whether when logging to the audit 
> 			     subsystem full syscall auditing is enabled.

Why not use audit's audit_enabled toggle instead?  This would
eliminate the overhead of data collection for syscall auditing, in
addition to eliminating the extra log data.

Is it likely that a user will want to keep syscall auditing on for
some applications, while having it disabled for AppArmor's use?

> 
> 		The values by default for all of the above are 0.
> 
> 	matching - Returns the features of the installed matching submodule
> 	profiles - Returns the profiles currently loaded and for each whether
> 		   it is in complain (learning) or enforce mode.
> 	.load
> 	.remove
> 	.replace - Used by userspace tools to load, remove and replace new 
> 		   profiles.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/