[apparmor] environment variables

John Johansen john.johansen at canonical.com
Wed Nov 9 21:21:10 UTC 2011


On 11/09/2011 12:35 PM, Kees Cook wrote:
> On Tue, Nov 08, 2011 at 03:24:27PM -0800, John Johansen wrote:
>> On 11/08/2011 02:20 PM, Kees Cook wrote:
>>> On Mon, Nov 07, 2011 at 11:13:49PM -0800, John Johansen wrote:
>>>> 2. Environment filtering
>>>>
>>>> Environment filtering would be like extending the existing secure exec, except
>>>> with policy involvement, so the environment variable filtering could be defined
>>>> per rule or profile.
>>>>
>>>> It has many of the same questions as Matching.
>>>>
>>>> 2a. Should environment variable filtering be on the rule, profile or both?
>>>
>>> It seems like "both" would be the place to do it.
>>>
>>
>> Interesting, would you envision them being applied together, or as an intersection?
>> i.e. do the profile and file rules accumulate to increase the set of environment
>> vars that are passed, or do they intersect, reducing the set?
> 
> Hm, you caught me. I hadn't thought this through. :)
> 
> I guess I was thinking about it from the Ux perspective, but in really
> pondering it, I think probably it would be most sensible to do it only from
> the profile side.
> 
Okay, so the question becomes how do you envision specifying this for Ux binaries then?
This is where I get stuck with doing it at the profile level, as the transition to any
given binary may or may not be Ux, Px etc., i.e. the same binary could be running
both confined and unconfined, have had different transitions etc.

I proposed something like
  exec /foo/bar {
    env PATH /usr/bin:/bin:*
    env EDITOR

  }

in a reply to cboltz, but I am not sure that feels right either, perhaps a better
keyword than exec.  Something indicating this is only done when transitioning from
confined to unconfined would fix my issues.


