[apparmor] mount rule question
Christian Boltz
apparmor at cboltz.de
Mon Mar 12 22:23:05 UTC 2012
Hello,
On Monday, 12 March 2012, Seth Arnold wrote:
> About the more specific mount rules, yes, that would work for me -- I
> use the same usb mass storage adapter to get files from my camera and
> the same ebook reader. (Well, I do all my mounting manually, by hand,
> but still.) But a distribution won't have that luxury when shipping a
> profile for the magic windows-style mounting behavior -- it'll have
> to support all devices without hassle.
Indeed.
The only restriction a distribution can do is: allow only mountpoints
/media/* (at least that's what openSUSE uses for automagically mounted
devices).
This restriction makes sure that an application can't umount your /home
or /usr ;-) - but obviously it can't protect your ebook reader from
being mounted as /media/something.
And BTW, the "mount" rule should not allow "umount". That would be
unexpected behaviour IMHO.
Regards,
Christian Boltz
--
>So, putting on my helmet and waiting for stones ...
*throw*
*Stones! Flat stones! Round stones! Big stones! Small stones!*
*Who wants another, who hasn't had one yet?*
[> Manfred Tremmel and David Haller in suse-linux]
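
The two points in the message above (confining mountpoints to /media/* and keeping umount separate from mount), sketched as a profile fragment. This is an added example, not part of the original message or of any distribution's shipped profile; it assumes the mount rule syntax documented in apparmor.d(5), and the profile name, binary path and device glob are hypothetical.

```apparmor
# Added illustration; profile name and binary path are hypothetical.
profile automount-helper /usr/bin/automount-helper {
  # mount(2) and umount(2) both require CAP_SYS_ADMIN.
  capability sys_admin,

  # Too broad: a bare rule permits any source on any mountpoint,
  # so it is left commented out here.
  # mount,

  # Restricted: the source device is left open (assumed glob), because
  # a distribution cannot predict which device gets plugged in, but the
  # target must be a direct child of /media/. "*" does not match "/",
  # so /media/a/b/ and paths such as /home/ or /usr/ are not covered.
  mount options=(rw,nosuid,nodev) /dev/sd[a-z]* -> /media/*/,

  # Unmounting is granted by its own rule and confined the same way,
  # so /home and /usr cannot be unmounted by this profile.
  umount /media/*/,
}
```

As the message notes, this limits where devices can be mounted and unmounted, not which device ends up under /media/.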