[apparmor] [Bug 881006] [NEW] "skip"/"ignore" option for logprof and genprof
Christian Boltz
881006 at bugs.launchpad.net
Mon Oct 24 17:58:34 UTC 2011
Public bug reported:
logprof and genprof should have an option to ignore/skip an entry in the
audit.log _without_ adding an allow or deny rule to the profile. The
intention is: it should be possible to postpone the decision about some
permissions.
[19:41] <cboltz> I got a feature request to add a "skip" option to logprof/genprof
[19:41] <cboltz> in case someone wants to ignore a log entry without adding an allow or deny rule
[19:41] <cboltz> what do you think about this?
[19:45] <jjohansen> cboltz: I am not opposed, though that was the primary purpose of deny
[19:45] <cboltz> I could argue that logprof had this feature before deny rules were introduced ;-)
[19:45] <jjohansen> basically it was a way of recording that logprof has seen the event and was told to skip it.
[19:46] <cboltz> I know
[19:46] <jjohansen> the problem with skip from a logprof pov is you run it through a log and then it exits, and then you run it again it has forgotten what to skip
[19:47] <cboltz> I know, this is exactly what this user requested ;-)
[19:47] <jjohansen> of course from a genprof pov, skip without adding deny rules makes perfect sense
[19:47] <jjohansen> as you never process the same logs twice
[19:47] <jjohansen> cboltz: so sure we can add it, but it's pretty low priority
** Affects: apparmor
Importance: Wishlist
Status: New
** Changed in: apparmor
Importance: Undecided => Wishlist
--
You received this bug notification because you are a member of AppArmor
Developers, which is the registrant for AppArmor.
https://bugs.launchpad.net/bugs/881006