cormander / tpe-lkm

Trusted Path Execution (TPE) Linux Kernel Module

Lack of documentation on some TPE parameters #31

Open morfikov opened 5 years ago

morfikov commented 5 years ago

There is a nice explanation of what most of the TPE parameters do in the README file, but I haven't noticed a parameter called tpe.lock there. What does it do?

Also, what does tpe.xattr_soften do? The README file says: "check extended attributes for a soften flag." What is this "soften flag"? I couldn't find any info about it.

The next thing is ignore_softmode, which "enables extra features even if softmode is on". What extra features? Does this mean all the tpe.extras.* options?

And the last one is extras/ -- I don't have this parameter in sysctl. Should I have it?

cormander commented 5 years ago

The tpe.lock prevents further changes to the sysctl settings. The tpe.xattr_soften is whether or not TPE checks filesystem extended attributes (see https://linux-audit.com/using-xattrs-extended-attributes-on-linux/). It's a way you can set permissive execution on files individually rather than using tpe.trusted_apps.

The ignore_softmode is so you can have TPE off but things under tpe.extras.* still on. The extras/ refers to the tpe.extras.* items.

I'll push up some better description of these when I get some time later on.

morfikov commented 5 years ago

OK, thanks.