[apparmor] audit and quiet rules

John Johansen john.johansen at canonical.com
Thu Dec 16 00:34:36 GMT 2010

Currently apparmor's audit and quiet rules are tied to granting or denying a specific set
of permissions.
     audit /foo r,   means audit and allow reads of access to /foo
     deny  /foo w,   means deny write to /w and quiet (don't audit) logging of the failed

I would like to propose extending the language to allow specifying an auditing and quieting,
separate from an explicit permission grant, via new audit_rulea and quiet_rules

    audit_rules /* r,

    would mean add audit to any portion of a rule that intersects with the rule specified
    in audit_rules.

More information about the AppArmor mailing list