[apparmor] sshd and hats

John Johansen john.johansen at canonical.com
Tue Sep 29 22:05:00 UTC 2015


On 09/28/2015 09:38 AM, Simon Deziel wrote:
> On 09/27/2015 08:00 PM, John Johansen wrote:
>> On 09/27/2015 01:32 PM, Simon Deziel wrote:
>>> Hi *,
>>>
>>> I found an old profile for sshd [1] and made it work on Ubuntu Trusty.
>>> Now, everything from the primary/main profile [2] works fine so I'd like
>>> to make use of hats.
>>>
>>>  ldd /usr/sbin/sshd | grep apparmor
>>>  # gives nothing...
>>>
>>> So I'm wondering if the OpenSSH version shipped by Ubuntu is "hat"
>>> aware? Any pointers would be greatly appreciated as I'm eager to use
>>> those hats!
>>>
>> It is not [...snip...]
> 
> Thanks John, that's what I was fearing.
> 
> I don't know the amount effort it would take to enable changing hats in
> OpenSSH but I'd be interested in seeing this in 16.04. If that can help,
> I'd be available to test it thoroughly. Please let me know if I should
> open a wish-list item on LP.
> 
Its not hard, its just a matter of finding where to insert a few lines
of code. We have done it in the past. The issue is around getting distros
to carry the patch, or getting upstream to accept it.




More information about the AppArmor mailing list