[apparmor] Change hat explanation
azurIt
azurit at pobox.sk
Mon Sep 23 20:58:36 UTC 2013
Hi,
i'm little confused about how changing hat is supposed to work. Example from my environment:
I have Apache web server which serves web sites of our users. It has only privileges which users needs. The same Apache (but another instance) is serving also administration system - it needs little more privileges. I created a hat for admin interface which has more privileges than main profile and our admin system is changing into it immediately after starting.
My questions:
1.) Is this what are hats for?
2.) How do i prevent normal Apache/users from changing hats too and getting more privileges?
Thank you.
azur
More information about the AppArmor
mailing list