Found 33 matching messages (0.099 seconds). Page 1 of 2.
Re-sent with proper addressing ... Rob Meijer wrote: >> The >> system is " ... closure of permissions is precisely authority. >> * AppArmor confines processes if they are children ... document is to define the security goals that AppArmor has to live ...
linux-kernel - Crispin Cowan - Nov 13 2007 - 04:23
... , this is exactly why AppArmor does not let non-privileged users edit security policy. SELinux, SMACK, LIDS, etc. also all treat ... failed all of David Gilbert's questions (I think AppArmor can actually provide about half of what he ...
linux-kernel - Crispin Cowan - Nov 10 2007 - 19:14
... have to be privileged (root) to edit security policy and to reload policy. I ... or default document in an editor). >>> >> AppArmor will let you do that; most ... 's for editing your preferences, then AppArmor can confine that >> helper app with a ...
linux-kernel - Crispin Cowan - Nov 10 2007 - 18:41
... to be privileged (root) to edit security policy and to
> reload policy.
OK, ... might answer my questions anyway.
linux-kernel - Dr. David Alan Gilbert - Nov 10 2007 - 19:25
... crispin@crispincowan.com) wrote:
>
linux-kernel - Crispin Cowan - Nov 10 2007 - 18:11
... @crispincowan.com) wrote:
> >
linux-kernel - Dr. David Alan Gilbert - Nov 10 2007 - 18:24
... logged into a giant shared machine. Sorry, AppArmor is >> not a good choice for that ... , and so not letting them >> edit security policy is probably a good idea. >> ... to edit the system policies, and you're done (assuming you are happy allowing ...
linux-kernel - Crispin Cowan - Nov 12 2007 - 19:50
... logged into a giant shared machine. Sorry, AppArmor is > >> not a good choice for ... so not letting them > >> edit security policy is probably a good idea. > ... edit the > system policies, and you're done (assuming you are happy allowing ...
linux-kernel - John Johansen - Nov 12 2007 - 21:20
... style. This needs file or label based protection no matter the security framework. So we don't have the chroot problems of applications breaking out. AppArmor's file access control features along with SELinux's as a combined ...
linux-kernel - Peter Dolding - Nov 15 2007 - 18:58
... but it is at least consistent with the AppArmor view that unconfined processes can do absolutely anything and AppArmor won't try to stop them. The actual reason ... ways, and I don't believe that AppArmor is locked in stone, so either one ...
linux-kernel - Crispin Cowan - Nov 10 2007 - 17:24
... crispin@crispincowan.com) wrote:
linux-kernel - Dr. David Alan Gilbert - Nov 10 2007 - 18:04
... , but it is at least > consistent with the AppArmor view that unconfined processes can do > absolutely anything and AppArmor won't try to stop them. > and ... ways, and I don't believe that > AppArmor is locked in stone, so either one ...
linux-kernel - John Johansen - Nov 10 2007 - 23:23
... user says they want to store their
documents in /etc?
>
linux-kernel - david - Nov 10 2007 - 19:52
> I submit that the AppArmor model is valid, even if it totally failed all > of David Gilbert's questions (I think AppArmor can actually provide > about half of what he asked for). The model looks valid. I ...
linux-kernel - Alan Cox - Nov 10 2007 - 19:54
... > moment - something root cannot know in advance > (although with apparmor I guess mv $my_file apparmour_magic.name ; foo; > mv it ... 8)) > If you have unconfined root privilege on an AppArmor box, then setting up a temporary profile is trivial. As ...
linux-kernel - Crispin Cowan - Nov 12 2007 - 19:58
... . Those rules would depend on the exact file being edited at this moment - something root cannot know in advance (although with apparmor I guess mv $my_file apparmour_magic.name ; foo; mv it back might work 8)) ...
linux-kernel - Alan Cox - Nov 10 2007 - 19:56
... rules would depend on the exact file being edited at this > moment - something root cannot know in advance > (although with apparmor I guess mv $my_file apparmour_magic.name ; foo; > mv it back might work 8)) the mechanism being desired was that the ...
linux-kernel - david - Nov 10 2007 - 21:27
... better understand the problem here. > > Note that John Johansen is also interested in allowing non-privileged > users to manipulate AppArmor policy, but his view was to only allow a > non-privileged user to further tighten the profile on a program. ...
linux-kernel - Casey Schaufler - Nov 10 2007 - 22:17
... become disconnected. In short under file revalidation deleted files are given a pass and disconnected files fail. For a more in depth explanation look at http://forgeftp.novell.com//apparmor/LKML_Submission-Oct-07/techdoc.pdf regards john
linux-kernel - John Johansen - Nov 10 2007 - 23:36
... understand the problem here. > > > > Note that John Johansen is also interested in allowing non-privileged > > users to manipulate AppArmor policy, but his view was to only allow a > > non-privileged user to further tighten the profile on a program. ...
linux-kernel - John Johansen - Nov 10 2007 - 23:55