[apparmor] Questions about RBAC and profile load-time of AppArmor
fykcee1 at gmail.com
fykcee1 at gmail.com
Mon Dec 6 13:44:32 GMT 2010
Hi all,
I've read documents on apparmor.wiki.kernel.org, it mentions different RBAC
implementations for each release of AppArmor. What is the preferred way of
using RBAC?
- Using pam_apparmor to change hat for login service, and then forks a
confined session(e.g. /bin/bash)?
- If the confined session launches a process without a corresponding
profile, will this process be confined?
- Does a role transition require a logout and login to another account?
Also, does AppArmor support "on daemon profile load"? i.e. Load a profile
just before related program get executed automatically, and then unload the
profile when program terminates -- saving some memory footprint.
--
Regards,
- cee1
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ubuntu.com/archives/apparmor/attachments/20101206/da98d648/attachment.htm
More information about the AppArmor
mailing list