PFZheng / psutil

Automatically exported from code.google.com/p/psutil

add apparmor support #483

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago

Hi.

Please add apparmor (http://apparmor.wiki.kernel.org/)
status reading support (at least):

# cat /proc/29752/attr/current 
/usr/sbin/httpd.prefork//HAT_owner_22753 (enforce)

which means that this process is using apparmor profile 
"/usr/sbin/httpd.prefork" and hat "HAT_owner_22753" in enforce mode.

Other possibilities of current are for example:
"unconfined" - so no policy loaded for the process

"/usr/sbin/httpd.prefork (enforce)" - only profile used, without apparmor 
activated (process can change its hats while running)

That info can be read from /proc or using libapparmor library:
https://launchpad.net/apparmor/2.8/2.8.3/+download/apparmor-2.8.3.tar.gz

Original issue reported on code.google.com by ar...@maven.pl on 21 Feb 2014 at 11:24

GoogleCodeExporter commented 9 years ago
Mmm... I didn't know about this. 
My first impression is that this is too specific to belong in psutil.
Anyway, what API do you think this should have?
According to your example it seems this should return a (file, user) tuple or something.

Original comment by g.rodola on 21 Feb 2014 at 11:34

GoogleCodeExporter commented 9 years ago

http://manpages.ubuntu.com/manpages/saucy/man2/aa_getcon.2.html and 
aa_gettaskcon is what interests us.

Such code:
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/apparmor.h>

int main(void) {
        char *con, *mode;
        pid_t i;

        /* aa_gettaskcon() returns the confinement context of task i in a
         * malloc'd buffer (con) that the caller must free; mode points into
         * that buffer and is NULL for unconfined tasks. */
        for (i = 0; i < 100000; i++) {
                if (aa_gettaskcon(i, &con, &mode) != -1) {
                        printf("[%s] [%s]\n", con, mode ? mode : "(null)");
                        free(con);
                }
        }
        return 0;
}

gets us:

[/usr/sbin/pure-ftpd] [enforce]
[unconfined] [(null)]
[unconfined] [(null)]
[unconfined] [(null)]
[/usr/sbin/httpd.prefork] [enforce]
[/usr/sbin/httpd.prefork//HANDLING_UNTRUSTED_INPUT] [enforce]

so the API for this could be a tuple (context, mode)
(terms from the man page: according to it, it's not file and not profile, it's
context and mode)

Note, on linux with apparmor disabled (# CONFIG_SECURITY_APPARMOR is not set) you can't access that file:
$ LC_ALL=C cat /proc/4393/attr/current 
cat: /proc/4393/attr/current: Invalid argument

apparmor is part of the upstream linux kernel, so, well... it's worth considering supporting it. Same for SELinux tags.

Original comment by ar...@maven.pl on 21 Feb 2014 at 12:04
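As an added example (not psutil's code and not the reporter's), a Python parser for the /proc/<pid>/attr/current format discussed in this thread, returning the same (context, mode) pair that aa_gettaskcon() gives, splitting profile from hat, and treating the EINVAL case on kernels built without AppArmor as "no confinement info" rather than an error. The AppArmorContext class and the function names are my own; the sample strings are constructed from the formats quoted above.

```python
import errno
import os
from typing import NamedTuple, Optional


class AppArmorContext(NamedTuple):
    """One task's confinement, mirroring the (context, mode) pair of aa_gettaskcon()."""
    context: str            # "unconfined", "<profile>" or "<profile>//<hat>"
    mode: Optional[str]     # "enforce" / "complain"; None when unconfined

    @property
    def profile(self) -> str:
        return self.context.split("//", 1)[0]        # part before "//" (assumed helper)

    @property
    def hat(self) -> Optional[str]:
        parts = self.context.split("//", 1)          # hat name after "//", if any
        return parts[1] if len(parts) == 2 else None


def parse_attr_current(raw: str) -> AppArmorContext:
    """Parse /proc/<pid>/attr/current text: "<label>" or "<label> (<mode>)" plus newline."""
    text = raw.rstrip("\n")
    if text.endswith(")") and " (" in text:
        context, _, mode = text.rpartition(" (")
        return AppArmorContext(context, mode[:-1])
    return AppArmorContext(text, None)   # "unconfined": no mode, hence the NULL from libapparmor


def apparmor_context(pid: int, procfs: str = "/proc") -> Optional[AppArmorContext]:
    """Read a live task; None when AppArmor is disabled (EINVAL) or the pid has gone away."""
    path = os.path.join(procfs, str(pid), "attr", "current")
    try:
        with open(path, encoding="utf-8", errors="replace") as f:
            return parse_attr_current(f.read())
    except OSError as exc:
        if exc.errno in (errno.EINVAL, errno.ENOENT, errno.ESRCH):
            return None
        raise                        # e.g. EACCES on another user's task is a real error


# Constructed sample contents in the format quoted in the issue (not real captures).
SAMPLES = [
    "/usr/sbin/httpd.prefork//HAT_owner_22753 (enforce)\n",
    "/usr/sbin/httpd.prefork (enforce)\n",
    "unconfined\n",
]
```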

GoogleCodeExporter commented 9 years ago
psutil has been migrated from Google Code to Github (see:
http://grodola.blogspot.com/2014/05/goodbye-google-code-im-moving-to-github.html).
Please do NOT reply here but use this instead:
https://github.com/giampaolo/psutil/issues/483

Original comment by g.rodola on 26 May 2014 at 3:06