mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-02 23:35:37 +00:00
Code Issues Releases Wiki Activity

Update apparmor_kernel_development_guide_notifications

John Johansen
2018-12-04 16:53:00 +00:00
parent b77b1ffda2
commit ddbe9200e9
1 changed files with 20 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
apparmor_kernel_development_guide_notifications.md

@@ -27,6 +27,26 @@ There are different types of notifications
- multicast complain - multicast complain
- unicast prompt/reply - unicast prompt/reply
# Specifying When notifications should occur
## Policy based notifications
Notifications are not directly specified in policy instead they are based on profile flags, and rule prefixes along with the presences of a listener that matches the event.
- complain: broadcast any allowed message to all listeners, instead of auditing
- prompt: send any allowed message to the first matching listener
or a rule prefix.
- complain: as for the complain profile flag except only applies only to events that match the rule
- prompt: as for the prompt profile flag except only applies only to events that match the rule.
The profile flags apply to all actions that do NOT have a specific match in policy (explicit denies count as a match). The rule prefix applies similarly being lower priority than allow or deny rules, so in a situation with rule overlap it only applies to the part of the rule not covered by a regular allow or deny rule.
## State based notifications
# Scope of Notification # Scope of Notification
Namespace Namespace