[apparmor] PUx permissions?
Christian Boltz
apparmor at cboltz.de
Tue Apr 19 21:16:09 UTC 2011
Hello,
Am Dienstag, 19. April 2011 schrieb John Johansen:
> On 04/18/2011 01:08 PM, Christian Boltz wrote:
> > Is pux also allowed? What about Pux and pUx? ;-)
>
> Currently the P and U share the unsafe flag so technically it
> would be
> PUx and pux
> but I the Parser will take Pux, and pUx and in those cases it
> is the P that determines whether the environment variables are
> scrubbed.
Hmm, that doesn't sound like a good solution to me. I'd say either the
parser should reject Pux and pUx (or at least print a warning), or it
should keep separate unsafe flags.
> > Regarding apparmor.vim: I'll classify PUx like Ux color-wise
> > because worst case (no profile exists) means Ux behaviour.
>
> yes please.
I fully agree for PUx and pux.
For Pux and pUx - should I allow them and mark them as "unsave"
(underline) or should I mark them as error?
(I know they are are allowed technically, however nobody will know
and/or expect the exact behaviour regarding the unsafe flag because,
well, it's really unexpected ;-) Therefore my thought about just
marking them as error.)
Final question: Is the order of P and U fixed or can I also use UPx and
upx?
Regards,
Christian Boltz
--
you should realize that the majority of the developers are located
in Germany (that's in Europe). There are time differences involved
(not everyone works 24 hrs/day like Andreas Jaeger)
[Rasmus Plewe in opensuse]
More information about the AppArmor
mailing list