On Fri, Apr 29, 2016 at 12:30 PM, Steve Grubb <[email protected]> wrote: > On Friday, April 29, 2016 07:07:06 PM Vincas Dargis wrote: >> 2016.04.29 16:39, Steve Grubb rašė: >> > You'll have to ask the AppArmor folks. I gave them a whole block of >> > numbers to use for their own purposes so that we don't have any problems. >> > If they instead create malformed SE Linux events, then things will never >> > work right unless they patch them. >> >> Thank you for explanation, Steve. I'll bring this topic for them instead. > > Just to clarify, its not like I don't want this to work. I do. The intention > of giving app armor its own block was that things its doing might not be a > 100% fit for what SE Linux does. This was to give them the freedom to do their > own thing. If they chose not to use the block and instead try to shoe-horn > their events into a pre-existing one, there needs to be some discussion about > how to make things right. > > -Steve > > -- > Linux-audit mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/linux-audit
[NOTE: I'm adding the AppArmor maintainer, John Johansen to this thread] Hi John, Heads-up, it looks like there might be some issues with AppArmor and auditing... -- paul moore security @ redhat -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
