[apparmor] [PATCH] private-files should disallow writing to .pki so files
Kees Cook
kees at ubuntu.com
Wed Jan 4 18:46:00 UTC 2012
On Wed, Jan 04, 2012 at 10:43:31AM -0600, Jamie Strandboge wrote:
> The private-files abstraction should explicitly deny writes to this
> directory. Since nss also stores certificates, etc in this directory,
> should use something like:
> audit deny @{HOME}/.pki/nssdb/*.so{,.[0-9]*} wl,
>
> Attached is a patch to achieve this (and fixes 2 spelling errors).
Acked-by: Kees Cook <kees at ubuntu.com>
--
Kees Cook
More information about the AppArmor
mailing list