[apparmor] GSoC review r48..51
Tyler Hicks
tyhicks at canonical.com
Thu Aug 22 20:43:46 UTC 2013
On 2013-08-22 22:19:59, Christian Boltz wrote:
> Hello,
>
> the review for r48, 49, 50 and 51 is attached.
>
> Of course feedback to all the code is always welcome (I don't have a
> monopoly on reviewing GSoC code ;-) but there's a detail I'd like to
> discuss:
>
> aa-genprof.py has:
>
> if os.path.exists('/var/log/audit/audit.log'):
> syslog = False
>
> I'm not sure if "audit.log exists" is the best way to choose the logfile
> but I have to admit that I don't have a better method ;-)
>
> Does someone have any better ideas? Or is the current way ok?
I think the current way is sufficient.
The audit subsystem allows privileged processes (with CAP_AUDIT_CONTROL)
to get the current audit status (see the audit_request_status(3) man
page), but that would add libaudit as a dependency and it only tells you
if auditd is currently running.
One other thing to keep in mind is that denials will be split across
syslog and the audit log in the future. As userspace programs (such as
dbus, display servers, etc.) are making security decisions based upon
AppArmor policy, they'll also be auditing those decisions. Privileged
processes (with CAP_AUDIT_WRITE) can use libaudit for audit messages,
but unprivileged processes cannot use the audit subsystem and their
audit messages must go to the syslog. This is unfortunate, but the audit
log must be clean and trustworthy so it makes sense that only the kernel
and privileged processes can write to it.
Tyler
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130822/df54ad37/attachment-0001.pgp>
More information about the AppArmor
mailing list