-
-
Notifications
You must be signed in to change notification settings - Fork 34
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
common policy #24
Comments
Hi. There is no written approach of dealing with permissions. I can only see of a few rules:
Regarding More generally, for |
Should we use the |
Yes, when available you should always use abstraction anyway. Now, a few profile require more than what is in the |
I don't have a service file at hand though.
https://gitlab.com/apparmor/apparmor/-/wikis/AppArmorGSettings |
From an anonymity stand, it is be more interesting to share the same id across all Linux user that generate a new unique one every time. |
Is it important to use |
It has this license because it is initially based on another project (https://gitlab.com/morfikov/apparmemall) that is GPL2 licensed. |
Also it is the same license than apparmor itself including the "official" apparmor profiles. So it makes it easier to upstream the work. |
There are many command line programs. In principle, users can execute them in a wrapper that gives anonymous pipes to a command line program. (Actually, it's what I'm doing on my computer.) This way, we don't need to grant the access to terminal device files to every program. The interaction of GUI programs with the terminal is even more limited: they just print error and debug messages to
|
I did not work on this specific question yet. So I do not know what is the best way to process (recommendation are welcome). However, there is always the trade off of security vs program breakage. For instance, we cannot assume the program are launch from a wrapper because that would most likely break a lot of program. So for now, the |
Should I use |
For now let's keep |
GVFS. You said in #63 that we should deny the following permission.
Without this permission, Evince floods the kernel log and Evince doesn't remember the last position in the document. I conclude that this is expected from the information I found on GVFS. I suppose this is a common issue. What's the plan on this? AppArmor rules for GVFS which restrict access via GVFS to specific files? |
Hi. I'm new to AppArmor. Writing a profile surely requires profound knowledge of Linux internals. Reading your profiles was of great help to me. Is there a written approach of dealing with permissions (what is acceptable and what is not) adopted by this repository? Examples of what I mean:
/etc/machine-id
. On one hand, it can be used to track a computer. On the other hand, I believe, there are plenty of ways to track using writing access to common cache directories.stdin
. Hence it will be able to read a password, for example.dconf
. I see many GUI programs require it. This is a configuration server like Windows Registry. Does the access todconf
gives a way to modify other programs' settings? That would be unacceptable. Configuration files don't have this vulnerability.Knowing your policy will be useful if I ever contribute to your repository and for writing my own profiles.
The text was updated successfully, but these errors were encountered: