LSS: Kernel security subsystem reports
Posted Sep 27, 2012 22:27 UTC (Thu) by nix
Parent article: LSS: Kernel security subsystem reports
Beyond that, there are plans to add a "learning mode", similar to SELinux's audit2allow, so that policies can be created from the actions of running programs.
I'm reasonably sure something like this has been in AppArmor for many, many years. Certainly I remember Crispin demonstrating it (for that matter I remember using it).
Did it disappear? Where did it go?
to post comments)