[apparmor] AppArmor - dac_override questions

Seth Arnold seth.arnold at canonical.com
Mon Oct 26 19:17:35 UTC 2015

On Mon, Oct 26, 2015 at 07:36:54AM -0700, John Johansen wrote:
> It is possible that apparmor could set a task's capabilities (this actually
> existed experimentally in the past) but it is easy to get wrong and
> allows the security policy author to inject security vulnerabilities.
> With the expansion of capabilities it's even harder to get right, and
> so I don't see us adding the ability

While I was a fan of the interface that was done for setting capabilities
at the time, today I'm more skeptical that we'd be able to get all the
interactions correct between setuid/setgid/setcap executables,
interpreters, the three "traditional" capabilities lists per-process and
the newfangled "ambient capabilities" list for posix-draft capabilities,
user namespaces, all combined with the no-new-privs API.

While I'm sure we could do it if the demand were strong enough, I wouldn't
want to do it on a whim.
