[apparmor] [Bug 881006] [NEW] "skip"/"ignore" option for logprof and genprof

Christian Boltz 881006 at bugs.launchpad.net
Mon Oct 24 17:58:34 UTC 2011 

Public bug reported:

logprof and genprof should have an option to ignore/skip an entry in the
audit.log _without_ adding an allow or deny rule to the profile. The
intention is: it should be possible to postpone the decision about some
permissions.

[19:41] <cboltz> I got a feature request to add a "skip" option to logprof/genprof
[19:41] <cboltz> in case someone wants to ignore a log entry without adding a allow or deny rule
[19:41] <cboltz> what do you thing about this?
[19:45] <jjohansen> cboltz: I am not opposed, though that was the primary purpose of deny
[19:45] <cboltz> I could argue that logprof had this feature before deny rules were introduced ;-)
[19:45] <jjohansen> basically it was a way recording that logprof has seen the event and told to skip it.
[19:46] <cboltz> I know
[19:46] <jjohansen> the problem with skip from a logprof pov is you run it through a log and then it exits, and then you run it again it has forgotten what to skip
[19:47] <cboltz> I know, this is exactly what this user requested ;-)
[19:47] <jjohansen> of course from a genprof pov, skip without adding deny rules makes perfect sense
[19:47] <jjohansen> as you never process the same logs twice
[19:47] <jjohansen> cboltz: so sure we can add it, but its pretty low priority

** Affects: apparmor
     Importance: Wishlist
         Status: New

** Changed in: apparmor
   Importance: Undecided => Wishlist

-- 
You received this bug notification because you are a member of AppArmor
Developers, which is the registrant for AppArmor.
https://bugs.launchpad.net/bugs/881006

Title:
  "skip"/"ignore" option for logprof and genprof

Status in AppArmor Linux application security framework:
  New

Bug description:
  logprof and genprof should have an option to ignore/skip an entry in
  the audit.log _without_ adding an allow or deny rule to the profile.
  The intention is: it should be possible to postpone the decision about
  some permissions.

  [19:41] <cboltz> I got a feature request to add a "skip" option to logprof/genprof
  [19:41] <cboltz> in case someone wants to ignore a log entry without adding a allow or deny rule
  [19:41] <cboltz> what do you thing about this?
  [19:45] <jjohansen> cboltz: I am not opposed, though that was the primary purpose of deny
  [19:45] <cboltz> I could argue that logprof had this feature before deny rules were introduced ;-)
  [19:45] <jjohansen> basically it was a way recording that logprof has seen the event and told to skip it.
  [19:46] <cboltz> I know
  [19:46] <jjohansen> the problem with skip from a logprof pov is you run it through a log and then it exits, and then you run it again it has forgotten what to skip
  [19:47] <cboltz> I know, this is exactly what this user requested ;-)
  [19:47] <jjohansen> of course from a genprof pov, skip without adding deny rules makes perfect sense
  [19:47] <jjohansen> as you never process the same logs twice
  [19:47] <jjohansen> cboltz: so sure we can add it, but its pretty low priority

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/881006/+subscriptions

More information about the AppArmor mailing list