On Mon, Aug 14, 2017 at 11:04 AM, Steve Grubb wrote:
> Hello,
>
> The fanotify interface can be used as an access control subsystem. If
> for some reason the policy is bad, there is potentially no good way to
> recover the system. This patch introduces a new command line variable,
> fanotify_enfor
On Tuesday, August 15, 2017 11:37:19 AM EDT Amir Goldstein wrote:
> > So, there is some utility to having the application stopped so that the
> > daemon can do its checks but then throw away the answer so that more of
> > the policy can be verified.
> >
> >> *if* at all this method is acceptable o
On Tue, Aug 15, 2017 at 4:44 PM, Steve Grubb wrote:
> On Tuesday, August 15, 2017 6:19:50 AM EDT Amir Goldstein wrote:
>> On Mon, Aug 14, 2017 at 5:04 PM, Steve Grubb wrote:
>> > Hello,
>> >
>> > The fanotify interface can be used as an access control subsystem. If
>> > for some reason the policy
On Tuesday, August 15, 2017 6:19:50 AM EDT Amir Goldstein wrote:
> On Mon, Aug 14, 2017 at 5:04 PM, Steve Grubb wrote:
> > Hello,
> >
> > The fanotify interface can be used as an access control subsystem. If
> > for some reason the policy is bad, there is potentially no good way to
> > recover th
On Tue 15-08-17 12:19:50, Amir Goldstein wrote:
> On Mon, Aug 14, 2017 at 5:04 PM, Steve Grubb wrote:
> > Hello,
> >
> > The fanotify interface can be used as an access control subsystem. If
> > for some reason the policy is bad, there is potentially no good way to
> > recover the system. This pat
On Mon, Aug 14, 2017 at 5:04 PM, Steve Grubb wrote:
> Hello,
>
> The fanotify interface can be used as an access control subsystem. If
> for some reason the policy is bad, there is potentially no good way to
> recover the system. This patch introduces a new command line variable,
> fanotify_enforc
Hello,
The fanotify interface can be used as an access control subsystem. If
for some reason the policy is bad, there is potentially no good way to
recover the system. This patch introduces a new command line variable,
fanotify_enforce, to allow overriding the access decision from user
space. The
