[apparmor] [PATCH 1/4] security: add security_path_chdir hook
Christian Boltz
apparmor at cboltz.de
Fri Nov 29 11:55:49 UTC 2013
Hello,
Am Donnerstag, 28. November 2013 schrieb John Johansen:
> On 11/28/2013 10:32 AM, Christian Boltz wrote:
> > Am Donnerstag, 28. November 2013 schrieb Seth Arnold:
> >> On Tue, Nov 05, 2013 at 05:34:58AM -0800, John Johansen wrote:
> > I reported some time ago that the audit.log contains stuff that
> > would be denied by file/directory permissions anyway (which also
> > means logging it more confusing than useful ;-) and the answer was
> > that this (IMHO buggy) behaviour is caused by the kernel.
>
> It is, and there is nothing we can do about it. We spent 2 almost 3
> years trying to get hooks inserted in better places. The path hooks
> are a compromise that allowed apparmor to be accepted into the
> upstream kernel.
> yes we could swap the ordering on these ones
Given what you wrote above, this would be a very good idea - I'd guess
it's much easier to get it into the right place when adding the hook ;-)
(And once we have enough hooks "at the right place", we might even have
an argument to move the older ones around ;-)
Regards,
Christian Boltz
--
Zu Schade, daß der ASCII-Zeichensatz keine kleinen Totenköpfe,
Blitze, Fäuste und Bömbchen hat... [Ratti in fontlinge-devel]
More information about the AppArmor
mailing list