[apparmor] Support for owner specification
azurit at pobox.sk
Wed Aug 24 08:46:49 UTC 2016
Hi,
this is written in the AppArmor wiki (http://wiki.apparmor.net/index.php/AppArmor_Core_Policy_Reference):
===
extended ownership tests (not currently supported)
If the optional equal operator is used then, the test is not against
the euid/fsuid but that the object has the same uid as the uid(s)
following the equal sign.
eg.
owner=fred
owner=1001
owner=(fred)
owner=(fred george)
owner=(fred 1001)
===
Is this still not supported? If not, when will it be? Is support
missing only in the userspace tools or directly in the kernel?
I would like to implement something like grsecurity's 'trusted path
execution' (only binaries owned by root can be executed).
Thank you for info and hints.
azur