[apparmor] mount rule question

Steve Beattie steve at nxnw.org
Mon Mar 12 18:39:35 UTC 2012


On Sat, Mar 10, 2012 at 01:07:39AM +0000, Seth Arnold wrote:
> That's tough; from consistency with "file" I might say yes, and I might
> think that any mount the application does it should be able to undo,
> but I wouldn't want calibre or whatever app winds up doing the ereader
> mounts on its behalf to be able to unmount backup storage or network
> mounts or per-user polyinstantiated mounts...
>
> I think I'd rather see two rules.

Well, in sane environments, udev will be doing the mounting and
unmounting for calibre. But if you do have an application that needs to
mount but that you don't trust, then you wouldn't be giving it carte
blanche to mount or umount anything; you'd write more specific mount
rules as to where things can be mounted/unmounted.

> ------Original Message------
> From: John Johansen
> Sender: apparmor-bounces at lists.ubuntu.com
> To: apparmor
> Subject: [apparmor] mount rule question
> Sent: Mar 9, 2012 3:23 PM
> 
> should the rule
> 
>   mount,
> 
> which allows all mounts also allow umount,
> 
> If so should umount as a mount option as an optional umount rule that is
> 
>   mount option=umount,
> is the same as
>   umount,
> 
> and if so, should
>   mount -> /foo,
> 
> also allow umount
> 
> 

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
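
An added illustration of the "more specific mount rules" approach described in the reply above, using the mount rule syntax documented in apparmor.d(5); it is not part of the original message. The profile name, binary path, device glob and mount point are assumptions, and umount is written as its own rule so the profile does not depend on how the question in this thread is answered.

```apparmor
# Hypothetical helper that mounts an e-reader on behalf of a desktop app.
# Profile name and paths are assumptions made for this example.
profile ereader-mount-helper /usr/local/bin/ereader-mount-helper {
  # mount(2) and umount(2) require CAP_SYS_ADMIN.
  capability sys_admin,

  # Broad form discussed in the thread, left commented out:
  # it would allow any filesystem to be mounted or unmounted anywhere.
  #   mount,
  #   umount,

  # Narrow form: only vfat block devices matching the glob, only onto
  # the one mount point, and only with exactly these mount flags.
  mount fstype=vfat options=(rw,nosuid,nodev,noexec) /dev/sd[b-z][0-9] -> /media/ereader/,

  # Separate, explicit umount rule limited to the same mount point, so
  # backup storage, network mounts and per-user polyinstantiated mounts
  # stay out of reach.
  umount /media/ereader/,
}
```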