[apparmor] [patch 20/21] Add the ability to specify ptrace rules

Jamie Strandboge jamie at canonical.com
Mon Mar 24 20:43:00 UTC 2014


On 03/17/2014 06:29 PM, john.johansen at canonical.com wrote:
> ptrace rules currently take the form of
>
>   ptrace [<ptrace_perms>] [<peer_profile_name>],
>   ptrace_perm := read|trace|readby|tracedby
>   ptrace_perms := ptrace_perm | '(' ptrace_perm+ ')'

I just mentioned that signal should use this:

   signal (send,receive) set=(kill) label=/profile/foo,


I think the same is true for ptrace. I.e.:

  ptrace (readby) label=/profile/foo,

It is more explicit and hearkens to the peer=() syntax without adding something
meaningless and also keeps it consistent with 'signal'.

-- 
Jamie Strandboge                 http://www.ubuntu.com/
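
Added example, not part of the original message and not AppArmor's parser: a small Python sketch that accepts both the positional form from the quoted grammar and the label= form proposed above, and shows that a bare word which is also a permission name is only unambiguous with label=. The function names, the comma-or-space separator inside the parentheses, and the choice to read a bare permission word as a permission are assumptions of this sketch.

```python
import re

# ptrace_perm values from the grammar quoted in the message
PTRACE_PERMS = ("read", "trace", "readby", "tracedby")

_RULE = re.compile(r"""
    ^\s*ptrace
    (?:\s+(?P<perms>\([^()]*\)|\b(?:readby|tracedby|read|trace)\b))?  # perm | '(' perm+ ')'
    (?:\s+(?P<label>label=)?(?P<peer>[^\s,=()]+))?                    # peer, bare or label=
    \s*,\s*$
""", re.VERBOSE)


def parse_ptrace_rule(rule):
    """Parse one rule line into perms, peer and whether label= was written."""
    m = _RULE.match(rule)
    if not m:
        raise ValueError("not a ptrace rule: %r" % rule)
    raw = m.group("perms")
    if raw is None:
        perms = []                                  # permissions omitted
    elif raw.startswith("("):
        perms = [p for p in re.split(r"[,\s]+", raw[1:-1]) if p]
        if not perms:
            raise ValueError("empty permission list: %r" % rule)
    else:
        perms = [raw]
    unknown = [p for p in perms if p not in PTRACE_PERMS]
    if unknown:
        raise ValueError("unknown ptrace permission(s): %s" % ", ".join(unknown))
    return {"perms": perms, "peer": m.group("peer"),
            "explicit_label": m.group("label") is not None}


def same_policy(rule_a, rule_b):
    """True when two rule lines grant the same permissions on the same peer."""
    a, b = parse_ptrace_rule(rule_a), parse_ptrace_rule(rule_b)
    return set(a["perms"]) == set(b["perms"]) and a["peer"] == b["peer"]


if __name__ == "__main__":
    # First line is from the message; the others are constructed samples.
    for line in ("ptrace (readby) label=/profile/foo,",
                 "ptrace readby /profile/foo,",
                 "ptrace trace,",          # permission, or a profile named "trace"?
                 "ptrace label=trace,"):   # unambiguous: peer is "trace"
        print(line, "->", parse_ptrace_rule(line))
```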
