support signal allowed for childs peers only
Bug #1712288 reported by
Mikhail Kurinnoi
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
AppArmor |
New
|
Undecided
|
Unassigned |
Bug Description
For now, we could use "signal" for peer or allow it for all. Is it possible to add for "signal" one more build-in variable @{childs}? Or in another way allow "signal" for childs processes only.
For example:
signal (send) set=(kill,term) peer="@{childs}",
will allow send signal to all childs processes only.
To post a comment you must log in.
Hi Mikhail, I like it.
Would you expect children of children to be included in this list?
If all the children will inherit the same profile, you could get something similar by using
signal (send) set=(kill,term) peer=@{ profile_ name},
Of course unrelated processes started within the same profile will still be able to signal each other, but this might be useful enough anyway.
Thanks