[apparmor] base abstraction allowing to run simple programs

intrigeri intrigeri at debian.org
Sat Jan 2 18:00:24 UTC 2016


Hi,

is it expected that merely including abstractions/base allows running
e.g. /bin/echo and /bin/sleep?

<demo>

$ cat /etc/apparmor.d/empty
#include <tunables/global>

profile empty {
  #include <abstractions/base>
}

# apparmor_parser -r /etc/apparmor.d/empty && aa-exec -p empty /bin/echo bla
bla

</demo>

Or is it just a side-effect of how aa-exec works, and a real confined
program would not be allowed to do the same?

Cheers,
-- 
intrigeri


