Re: AppArmor Security Goal

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, 10 Nov 2007, John Johansen wrote:

On Sat, Nov 10, 2007 at 03:52:31PM -0800, [email protected] wrote:
On Sat, 10 Nov 2007, Dr. David Alan Gilbert wrote:

Allowing a user to tweak (under constraints) their settings might allow
them to do something like create two mozilla profiles which are isolated
from each other, so that the profile they use for general web surfing
is isolated from the one they use for online banking.

the model of being able to add restrictions would still handle this. make
two shell scripts (one to start each browser profile) and set the AA policy
for these scripts to only have access to the appropriate directories.

yes you could do this, though I tend to want it just so I can control
which of my files firefox should be able to touch, without messing
up system policy.

right, I was showing how you could easily create two different firefox browsers being able to access different things, and how it could be done with user-based policies that tighten restrictions only (which are being considered)

David Lang
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux