On Mon, 24 Apr 2006 11:16:25 EDT, Joshua Brindle said:

> To make this much more real, the /usr/sbin/named policy that ships with
> apparmor has the following line:
>
> /** r,
>
> That's right, named can read any file on the system. I suppose this is
> because the policy relies on named being chrooted. So if for any reason
> named doesn't chroot, it's been granted read access on the entire
> filesystem.

Somebody *please* tell me I hallucinated the posting that said AppArmor
restricts the use of chroot by confined processes...

In any case, the incredibly brittle behavior of this policy in the face of
chroot() failure (from the people who should *know* how to write AppArmor
policy, no less) is just proof of why making it simple for non-experts to
write policy is a Bad Idea....
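The rule under discussion, shown beside a profile that does not depend on chroot for its read restrictions, as an added example. This is not code from the thread, from the AppArmor project or from any shipped named profile: both profile fragments are constructed here, and the paths in the second one are assumptions about a /var/lib/named-style chroot layout. The small check at the end flags file rules whose path glob is the whole filesystem ("/*" or "/**"), which is the pattern the mail objects to; it deliberately leaves alone rooted globs such as /var/lib/named/** that a profile legitimately needs.

```shell
#!/bin/sh
# Added example; not from the thread, the AppArmor project or BIND.
# Two constructed AppArmor profile fragments for /usr/sbin/named. The first
# carries the "/** r," rule quoted in the mail. The second enumerates what
# named reads and writes instead (paths are assumptions about a
# /var/lib/named chroot layout, not copied from a shipped profile), so a
# failed or skipped chroot() does not widen read access to the whole system.
# It keeps capability sys_chroot so named can still chroot; it just does
# not rely on the chroot for confinement.

OVERBROAD_PROFILE='
/usr/sbin/named {
  #include <abstractions/base>
  #include <abstractions/nameservice>

  capability setuid,
  capability setgid,
  capability sys_chroot,
  capability net_bind_service,

  /usr/sbin/named mr,
  /** r,
  /var/lib/named/var/lib/named/** rw,
}
'

TIGHT_PROFILE='
/usr/sbin/named {
  #include <abstractions/base>
  #include <abstractions/nameservice>

  capability setuid,
  capability setgid,
  capability sys_chroot,
  capability net_bind_service,

  /usr/sbin/named mr,
  /etc/named.conf r,
  /etc/named.conf.include r,
  /var/lib/named/etc/** r,
  /var/lib/named/var/lib/named/** rw,
  /var/lib/named/var/log/named/** w,
  /var/lib/named/var/run/named/** rw,
}
'

# Print every file rule whose path glob is exactly "/*" or "/**": a single
# rule granting the listed permissions on every path on the system. Reads a
# profile on stdin. Rooted globs such as /var/lib/named/** are not flagged.
overbroad_rules() {
    awk '$1 ~ "^/[*][*]?$" && $NF ~ ",$" { print }'
}

# Number of filesystem-wide rules in the profile passed as a string.
count_overbroad() {
    printf '%s\n' "$1" | overbroad_rules | wc -l | tr -d ' '
}

# Succeeds only when the profile has no filesystem-wide file rule, so it can
# gate a policy lint step before a profile is loaded.
check_profile() {
    [ "$(count_overbroad "$1")" -eq 0 ]
}

# Stand-alone run: report on both constructed profiles.
for name in OVERBROAD_PROFILE TIGHT_PROFILE; do
    eval "profile=\$$name"
    if check_profile "$profile"; then
        echo "$name: no filesystem-wide file rules"
    else
        echo "$name: filesystem-wide file rule(s):"
        printf '%s\n' "$profile" | overbroad_rules
    fi
done
```

The check is a narrow heuristic, not a policy analyser: it catches the literal "/*" and "/**" globs and nothing else, so a profile that reaches the same effect through several wide globs (or through an included abstraction) still has to be read by hand.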
Thread: [RFC][PATCH 0/11] security: AppArmor - Overview