[apparmor] aa-logprof doesn't check if user is root
Christian Boltz
apparmor at cboltz.de
Wed Jan 15 20:44:56 UTC 2014
Hello,
Am Mittwoch, 15. Januar 2014 schrieb Aaron Lewis:
> aa-logprof doesn't check if user is root
>
> Can someone add the verification please? just like aa-status and
> others
Well, not always ;-)
aa-logprof doesn't always need root permissions (well, except for
reloading the profiles). You can easily run it as user when using -f
/my/logfile -d /path/to/profiles/ (assuming the user has access to both
/my/logfile and /path/to/profiles/).
I know this isn't the typical usecase, but still something that should
be possible. (However, maybe we should think about having the root check
enabled by default, and add an option --no-profile-reload that also
skips the root check.)
That said - feel free to test the rewritten tools available at
https://code.launchpad.net/apparmor-profile-tools
Regards,
Christian Boltz
--
Weißt Du, man soll ja eigentlich keine Leute auf öffentlichen
Mailinglisten beschimpfen, sie kratzen oder ihnen Tiernamen geben.
Aber die traumwandlerische Sicherheit, mit der Du den relevanten Teil
des Logs weggeschnitten hast, ist schon beeindruckend.
Also, Du Hängebauchschwein, fühl Dich beschimpft und gekratzt ;-)
[Stefan Förster in postfixbuch-users]
More information about the AppArmor
mailing list