[apparmor] Apache2 mod apparmor security concerns

Jeroen Ooms jeroen.ooms at stat.ucla.edu
Wed Apr 25 23:27:57 UTC 2012

I am running a web service in which I basically allow the user to run
any custom code. I use AppArmor to prevent malicious use. I am using
Apache2 apparmor module with a ^hat profile to restrict privileges for
my service.

However I am starting to doubt if this can actually be done. Because I
allow the user to run any code, it can potentially try to call
aa_change_hat, or create hard links to system files, etc. Will this
work, or will AppArmor prevent this?

More information about the AppArmor mailing list