[apparmor] AppArmor kernel audit locks up system
Paul Moore
paul at paul-moore.com
Wed Oct 18 22:23:20 UTC 2023
On Wed, Oct 18, 2023 at 5:00 PM Paul Moore <paul at paul-moore.com> wrote:
> On Wed, Oct 18, 2023 at 4:50 PM Paul Moore <paul at paul-moore.com> wrote:
> > It shouldn't, the only time we ever really operate on something other
> > than @current is when a fork/clone happens and we are filtering on the
> > new child process. At least that used to be the case, I can't imagine
> > someone would audit something other than @current (not sure you could
> > with respect to this stuff?), but I guess it couldn't hurt to double
> > check on the current code base.
>
> Yes, that still looks to be the case.
>
> --
> paul-moore.com
Patch posting:
https://lore.kernel.org/audit/20231018222023.371274-2-paul@paul-moore.com
--
paul-moore.com
More information about the AppArmor
mailing list