[apparmor] "default"/"system" profile
Steve Beattie
steve at nxnw.org
Tue May 21 01:53:47 UTC 2013
On Mon, May 20, 2013 at 02:49:50PM -0700, John Johansen wrote:
> On 05/20/2013 02:16 PM, Seth Arnold wrote:
> > On Sun, May 19, 2013 at 05:07:16AM -0700, John Johansen wrote:
> >> - the default profile will be exposed to userspace via a file under
> >> its namespace in aafs
> >> - we could allow this file to be written to allow manually
> >> switching the default profile
> >
> > Is there anything wrong with just trying for specified only in policy
> > for a little while first? It doesn't seem like it'd be hard to write nor
> > hard to use, but I'm not quickly seeing the problem it solves and the
> > complexity of profiles not matching the kernel's view is potential for
> > misunderstanding.
> >
> no that was my plan, start with in policy only + file to introspect, but
> not change, and we can extend it later if need be.
I am in favor of in-policy definitions for this and I'm okay
with your plan; however, the thought I had was that it might ease
initial development and testing if the aafs files were writable,
rather than depending on the parser being updated to support the new
policy language.
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130520/49af1759/attachment.pgp>
More information about the AppArmor
mailing list