On 05/14/2018 04:52 PM, Matthew Garrett wrote:
> On Wed, May 9, 2018 at 3:13 PM Matthew Garrett wrote:
>> I think that sounds like a decent behaviour. I'll test this ASAP.
>
> Yup, this seems to work. It depends on:
> apparmor: add the ability to get a task's secid and
> apparmor: add support for
On Wed, May 9, 2018 at 3:13 PM Matthew Garrett wrote:
> I think that sounds like a decent behaviour. I'll test this ASAP.
Yup, this seems to work. It depends on:
apparmor: add the ability to get a task's secid and
apparmor: add support for mapping secids and using secctxes
Any feelings about tho
On Wed, May 2, 2018 at 11:03 PM John Johansen
wrote:
> On 04/16/2018 11:23 AM, Matthew Garrett wrote:
> > This patch adds support to Apparmor for integrating with audit rule
> > filtering. Right now it only handles SUBJ_ROLE, interpreting it as a
> > single component of a label. This is sufficien
On 04/16/2018 11:23 AM, Matthew Garrett wrote:
> This patch adds support to Apparmor for integrating with audit rule
> filtering. Right now it only handles SUBJ_ROLE, interpreting it as a
> single component of a label. This is sufficient to get Apparmor working
> with IMA's appraisal rules without
This patch adds support to Apparmor for integrating with audit rule
filtering. Right now it only handles SUBJ_ROLE, interpreting it as a
single component of a label. This is sufficient to get Apparmor working
with IMA's appraisal rules without any modifications on the IMA side.
Signed-off-by: Matt