[apparmor] safe/unsafe keywords
John Johansen
john.johansen at canonical.com
Sun Aug 14 20:49:55 UTC 2011
On 08/13/2011 04:32 PM, Christian Boltz wrote:
> Hello,
>
> I just found the "safe" and "unsafe" keywords in the 2.6 release notes
> ;-) which means they are not supported in apparmor.vim yet
>
Hrmmm, for some reason I thought I had talked you about them. Sorry
didn't mean to just drop them on you. They have existed for quite
awhile 2.6 just made them consistent.
> To which *x rules do they apply?
> I'd guess px, ux and cx - correct?
>
yep, or any of their variants. pix, pux, cix, cux, basically anything but
ix. I know there has been discussion about even allowing controlling
environment scrubbing for plain ix but it has been generally felt not worth
it.
More information about the AppArmor
mailing list