[apparmor] Fwd: Initial ideas on portals for file access

Jamie Strandboge jamie at canonical.com
Fri Mar 13 21:05:43 UTC 2015


On 03/07/2015 04:19 AM, intrigeri wrote:
> Hi,
> 
> here's some potentially interesting info, in particular the part about
> the privileged file chooser idea (and its limitations), that IIRC some
> of us have been working on already (BTW, what's the status thereof in
> the AppArmor world?)
> 
What Alexander describes is similar to what Ubuntu is doing now[1] with the
content-hub[2]. We've not yet implemented a file chooser in Ubuntu, but now
that we are moving forward on the converged desktop, we will certainly be
looking at this.

AppArmor itself currently only provides the low-level primitives for allowing
this to work, e.g., restrictive file rules and dbus/unix mediation for talking to
an out-of-process trusted helper. In Ubuntu, that trusted helper is currently
the content-hub and applications have to be written to use it. Using LD_PRELOAD
or modifying file chooser functionality in toolkits is an idea that could be
used for existing applications.

[1] https://wiki.ubuntu.com/SecurityTeam/Specifications/ApplicationConfinement#Data_and_file_access-1
[2] https://developer.ubuntu.com/en/apps/platform/guides/content-hub-guide/
-- 
Jamie Strandboge                 http://www.ubuntu.com/
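
Added example, not part of the original message and not Ubuntu's or content-hub's actual policy: an AppArmor profile that combines the two primitives named above, restrictive file rules plus D-Bus mediation towards an out-of-process trusted helper. The profile name, file paths, D-Bus names and the assumption that the helper copies the user-selected file into the app's private directory are all hypothetical.

```apparmor
# Constructed example. Every name below (example-app, com.example.FileHelper,
# RequestImport, ImportFinished) is hypothetical.
#include <tunables/global>

profile example-app /opt/example-app/bin/example-app {
  #include <abstractions/base>
  # Connect to the session bus only; grants no access to any service on it.
  #include <abstractions/dbus-session-strict>

  # Restrictive file rules: read-only install directory and a private,
  # app-specific data directory. Nothing else under @{HOME} is listed, so
  # the user's documents are unreachable for this process.
  /opt/example-app/** r,
  /opt/example-app/bin/example-app mr,
  owner @{HOME}/.local/share/example-app/ rw,
  owner @{HOME}/.local/share/example-app/** rwk,

  # D-Bus mediation: the only peer the app may call is the trusted helper,
  # and only on the one method that asks the user to pick a file.
  dbus (send)
       bus=session
       path=/com/example/FileHelper
       interface=com.example.FileHelper
       member=RequestImport
       peer=(name=com.example.FileHelper, label=unconfined),

  # Accept the completion signal from the helper and nothing else.
  # Assumption: the helper, which runs outside this profile, copies the
  # chosen file into the private data directory before signalling.
  dbus (receive)
       bus=session
       path=/com/example/FileHelper
       interface=com.example.FileHelper
       member=ImportFinished
       peer=(label=unconfined),
}
```

With a profile of this shape the confined process never opens the user's file at its original path; a denied attempt to do so appears in the audit log as an `apparmor="DENIED"` entry naming the profile.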
