[apparmor] Profile variable for the PID of the confined process?

John Johansen john.johansen at canonical.com
Thu Mar 19 19:18:08 UTC 2015


On 03/19/2015 04:56 AM, intrigeri wrote:
> John Johansen wrote (19 Mar 2015 10:35:35 GMT) :
>> Not yet, I have done work towards providing this but it isn't available
>> yet.
> 
>> The plan has been to leverage the existing @{pid} as the kernel variable
>> so that profiles automatically become tighter.
> 
> OK, thanks! So this will require new kernel patches, right?
> 
Yes, it will require both a new kernel and a new parser. The goal at the
moment is to write policy with the coming feature in mind so that policy
can take advantage of it immediately without any changes.




