I think performance, and flexibility wise, the best solution would be to move mediation entirely to userspace.
Use the key/value store to provide flexibility on what match ordering to use, userspace policy caching so we don't have to round trip the kernel except when the policy is invalidated by a policy reload, etc. This would be the most flexible and performant solution and if done right. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1692582 Title: RFE: dbus AppArmor mediation matching by message type To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1692582/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
