[apparmor] [patch 1/3] profiles: allow apache hats to receive signals from unconfined
steve at nxnw.org
Fri Jun 20 21:20:09 UTC 2014
On Fri, Jun 20, 2014 at 10:17:26AM -0700, John Johansen wrote:
> If any of the hats use the base provided abstraction they are going to
> get signals and tracing from unconfined anyways.
Not if they're using trunk's abstractions/base:
$ bzr up
All changes applied successfully.
Updated to revision 2542 of branch bzr+ssh://bazaar.launchpad.net/+branch/apparmor
$ grep signal profiles/apparmor.d/abstractions/base
So we on the ubuntu side need to push the patch that adds that to
> So I think it makes sense to have this as the default for apache
> hats, and if the user really wants something tighter they will need
> to tweak policy.
I expect that most hats will include abstractions/base. And if they
want it tighter, then they can do as you say, tweak policy.
<sbeattie at ubuntu.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: Digital signature
More information about the AppArmor