[apparmor] [patch 20/21] Add the ability to specify ptrace rules

Jamie Strandboge jamie at canonical.com
Mon Mar 24 20:43:00 UTC 2014

On 03/17/2014 06:29 PM, john.johansen at canonical.com wrote:
> ptrace rules currently take the form of
>   ptrace [<ptrace_perms>] [<peer_profile_name>],
>   ptrace_perm := read|trace|readby|tracedby
>   ptrace_perms := ptrace_perm | '(' ptrace_perm+ ')'

I just mentioned that signal should use this:

   signal (send,receive) set=(kill) label=/profile/foo,

I think the same is true for ptrace. Ie:

  ptrace (readby) label=/profile/foo,

It is more explicit and hearkens to the peer=() syntax without adding something
meaningless and also keeps it consistent with 'signal'.

Jamie Strandboge                 http://www.ubuntu.com/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 884 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140324/549efddf/attachment.pgp>

More information about the AppArmor mailing list