Re: [RFC][PATCH 0/11] security: AppArmor - Overview

[Tony Jones]

On Mon, Apr 24, 2006 at 11:16:25AM -0400, Joshua Brindle wrote:
> To make this much more real, the /usr/sbin/named policy that ships with 
> apparmor has the following line:

Ships with AppArmor where?  On SuSE?

> /** r,
> Thats right, named can read any file on the system, I suppose this is 
> because the policy relies on named being chrooted. So if for any reason 
> named doesn't chroot its been granted read access on the entire 
> filesystem. If I'm misunderstanding this policy please correct me but I 
> believe this shows the problem very loudly and clearly.

The d_path changes for absolute path mediation for chroot are not yet in any 
SuSE release. Nor are they reflected in any developed profiles (yet).

Another direction is a new security_chroot hook together with appropriate 
CLONE_FS tracking (inside AppArmor) to force chrooting confined tasks into a 
subprofile (similar to change hat). We are evaluating the options based on 
feedback here and from other places.  Hence the RFC.

I hope this helps.

Tony
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/