aa-status needs a major update. It doesn't support several things
- profile stacks
- newer profile modes
- additional profile info available in kernel (revision etc)
- it doesn't deal with namespaces
- can't identify when userspace and kernel policy are out of sync
- doesn't take advantage of newer apis when available
- doesn't work with unprivileged policy
The actual mechanics of aa-status are pretty straight forward. It wouldn't be too hard to rewrite in C and since its part of the required base it should be.
aa-status needs a major update. It doesn't support several things
- profile stacks
- newer profile modes
- additional profile info available in kernel (revision etc)
- it doesn't deal with namespaces
- can't identify when userspace and kernel policy are out of sync
- doesn't take advantage of newer apis when available
- doesn't work with unprivileged policy
The actual mechanics of aa-status are pretty straight forward. It wouldn't be too hard to rewrite in C and since its part of the required base it should be.