Tony Jones wrote: [Wed Apr 19 2006, 01:49:46PM EDT]
> This patch implements the AppArmor file structure underneath securityfs.
> Securityfs is normally mounted as /sys/kernel/security
>
> The following files are created under /sys/kernel/security/apparmor
> control
> audit - Controls the global setting for auditing all
> accesses.
> complain - Controls the global setting for learning mode
> (usually this is set per profile rather than
> globally)
> debug - Controls whether debugging is enabled.
> This needs to be made more fine grained
> logsyscall - Controls whether when logging to the audit
> subsystem full syscall auditing is enabled.
Why not use audit's audit_enabled toggle instead? This would
eliminate the overhead of data collection for syscall auditing, in
addition to eliminating the extra log data.
Is it likely that a user will want to keep syscall auditing on for
some applications, while having it disabled for AppArmor's use?
>
> The values by default for all of the above are 0.
>
> matching - Returns the features of the installed matching submodule
> profiles - Returns the profiles currently loaded and for each whether
> it is in complain (learning) or enforce mode.
> .load
> .remove
> .replace - Used by userspace tools to load, remove and replace new
> profiles.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
