[apparmor] [patch 1/3] profiles: allow apache hats to receive signals from unconfined
jamie at canonical.com
Fri Jun 20 22:08:09 UTC 2014
On 06/20/2014 04:20 PM, Steve Beattie wrote:
> On Fri, Jun 20, 2014 at 10:17:26AM -0700, John Johansen wrote:
>> If any of the hats use the base provided abstraction they are going to
>> get signals and tracing from unconfined anyways.
> Not if they're using trunk's abstractions/base:
> $ bzr up
> All changes applied successfully.
> Updated to revision 2542 of branch bzr+ssh://bazaar.launchpad.net/+branch/apparmor
> $ grep signal profiles/apparmor.d/abstractions/base
> So we on the ubuntu side need to push the patch that adds that to
Hrmm, this was clearly an oversight on my part:
[ Jamie Strandboge ]
Adjust the base abstraction for signals and ptrace mediation. Profiles
that use the base abstraction can deny any of the granted permissions to
achieve tighter confinement.
I've taken a todo to post this to the list. Sorry...
Jamie Strandboge http://www.ubuntu.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 884 bytes
Desc: OpenPGP digital signature
More information about the AppArmor