[apparmor] [PATCH] policy updates for ptrace and signal mediation

Steve Beattie steve at nxnw.org
Mon Jun 23 20:37:00 UTC 2014


On Mon, Jun 23, 2014 at 03:30:08PM -0500, Jamie Strandboge wrote:
> On 06/23/2014 03:06 PM, Steve Beattie wrote:
> > On Mon, Jun 23, 2014 at 02:07:12PM -0500, Jamie Strandboge wrote:
> >>
> ...
> > 
> >> Description: Adjust base abstraction for ptrace and signal mediation
> >>
> >> Acked-By: Jamie Strandboge <jamie at canonical.com>
> >>
> >> === modified file 'profiles/apparmor.d/abstractions/base'
> >> --- profiles/apparmor.d/abstractions/base	2013-04-09 01:11:43 +0000
> >> +++ profiles/apparmor.d/abstractions/base	2014-06-23 18:56:50 +0000
> >> @@ -103,6 +103,27 @@
> >>    # glibc malloc (man 5 proc)
> >>    @{PROC}/sys/vm/overcommit_memory r,
> >>  
> >> +  # Allow other processes to read our /proc entries, futexes, perf tracing and
> >> +  # kcmp for now
> >> +  ptrace (readby),
> >> +
> >> +  # Allow other processes to trace us by default (they will need 'trace' in
> >> +  # the first place). Administrators can override with:
> >> +  #   deny ptrace (tracedby) ...
> >> +  ptrace (tracedby),
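Review bot: the `ptrace (readby)` rule at the top of the hunk lacks the administrator-override comment that the `ptrace (tracedby)` rule carries; mirror it above the readby rule, e.g. `#   deny ptrace (readby) ...`, so both new defaults document how to tighten them. Two smaller points: the header `@@ -103,6 +103,27 @@` advertises 21 added lines while only eight are quoted here, so the rest of the addition cannot be reviewed from this message, and "kcmp for now" in the first comment reads as a placeholder that should state what the intended final policy is.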
> > 
> > Would these two make more sense for peer=unconfined and
> > peer=@{profile_name}? Or is the intent to rely on the peer needing
> > "ptrace read" and "ptrace trace" permissions and not require both
> > profiles be modified?
> > 
> 
> The intent is to rely on the peer needing "ptrace read" and "ptrace trace" for
> the reason you mentioned, because it was pretty unwieldy without these rules.

Okay. Maybe add a similar comment about Administrators being able to
override with 'deny ptrace (readby)' for the readby case. With that,
Acked-by: Steve Beattie <steve at nxnw.org> for everything.

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
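As an added illustration, not part of the patch or of this thread, the following profiles assume a hypothetical service at `/usr/bin/myservice`, a hypothetical tracer at `/usr/local/bin/debug-helper` and a hypothetical `/usr/bin/secrets-daemon`; they show the two-sided permission check Jamie relies on and the administrator override that the patch comment describes.

```apparmor
# Added example; all three profile paths are hypothetical. AppArmor ptrace
# mediation checks both ends: the tracer needs 'read'/'trace' toward the
# target, and the target needs 'readby'/'tracedby' toward the tracer.
#include <tunables/global>

# Target side: abstractions/base (with the patch applied) supplies
#   ptrace (readby),
#   ptrace (tracedby),
# with no peer= condition, so any peer that itself holds matching
# 'read'/'trace' permission may read this process's /proc entries or trace it.
/usr/bin/myservice {
  #include <abstractions/base>
  /usr/bin/myservice mr,
}

# Tracer side: nothing in base grants 'read' or 'trace', so the debugger
# must be granted it explicitly, here scoped to the target's profile label.
/usr/local/bin/debug-helper {
  #include <abstractions/base>
  /usr/local/bin/debug-helper mr,
  ptrace (read, trace) peer=/usr/bin/myservice,
}

# Hardened variant for a sensitive service: deny rules take precedence over
# allow rules in AppArmor, so this overrides the abstraction defaults and no
# peer, not even one holding 'trace', can attach. Include 'readby' only if
# other processes losing access to this process's /proc entries is acceptable.
/usr/bin/secrets-daemon {
  #include <abstractions/base>
  /usr/bin/secrets-daemon mr,
  deny ptrace (readby, tracedby),
}
```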