https://bugzilla.novell.com/show_bug.cgi?id=241948 Summary: Add "Glob-Deny" to aa-logprof Product: openSUSE 10.3 Version: unspecified Platform: Other OS/Version: Other Status: NEW Severity: Enhancement Priority: P5 - None Component: AppArmor AssignedTo: dreynolds@novell.com ReportedBy: suse-beta@cboltz.de QAContact: dreynolds@novell.com I'm just running aa-logprof and deny'ing lots of /tmp/sess* files a PHP script with broken session.save_path tried to create. I can tell you that this is an annoying thing - I could also have made this a major bug instead of enhancement because it's a DoS on the admin ;-) I'd like to propose a new feature for aa-logprof: Glob-Deny How it could work: - select a glob as usual (let's say /tmp/sess_*) - choose glob-deny (instead of deny) - aa-logprof should not ask again for files matching this path Having this feature as per-session feature of aa-logprof might be enough in case you don't want to add a blocklist syntax to the apparmor profiles. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.