On Mon, Apr 24, 2006 at 11:16:25AM -0400, Joshua Brindle wrote:
> To make this much more real, the /usr/sbin/named policy that ships with
> apparmor has the following line:
Ships with AppArmor where? On SuSE?
> /** r,
> Thats right, named can read any file on the system, I suppose this is
> because the policy relies on named being chrooted. So if for any reason
> named doesn't chroot its been granted read access on the entire
> filesystem. If I'm misunderstanding this policy please correct me but I
> believe this shows the problem very loudly and clearly.
The d_path changes for absolute path mediation for chroot are not yet in any
SuSE release. Nor are they reflected in any developed profiles (yet).
Another direction is a new security_chroot hook together with appropriate
CLONE_FS tracking (inside AppArmor) to force chrooting confined tasks into a
subprofile (similar to change hat). We are evaluating the options based on
feedback here and from other places. Hence the RFC.
I hope this helps.
Tony
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
