On Thu, Mar 07, 2013 at 04:17:39PM -0800, Tyler Hicks wrote: > > Am I just overcomplicating things? > > No, it is a potentially valid use case but I'm trying to keep this > interface simple so that most applications don't have to worry about > bitwise operations of four permission masks that come from the kernel. > It seems like overkill to me in most cases.
Getting the bitfiddling right in one place sounds like a good idea to me, too :) > Does the AA kernel code do any type of audit rate limiting like this? I thought it had some rate limiting in place, but now all I see is some debugging code: #define AA_DEBUG(fmt, args...) \ do { \ if (aa_g_debug && printk_ratelimit()) \ printk(KERN_DEBUG "AppArmor: " fmt, ##args); \ } while (0) #define AA_ERROR(fmt, args...) \ do { \ if (printk_ratelimit()) \ printk(KERN_ERR "AppArmor: " fmt, ##args); \ } while (0) Maybe I was thinking of the rsyslog-based rate-limiting.
signature.asc
Description: Digital signature
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor