[apparmor] Bug#865206: apparmor: Should apparmor abstractions allow flatpak directories?
Vincas Dargis
vindrg at gmail.com
Sun Jul 2 08:02:47 UTC 2017
2017.07.02 02:41, John Johansen wrote:
> Delegation will allow an application to delegate some of its authority
> (permissions) to other confined task.
>
> So for example an external file picker could be used to allow the user to
> choose files, and then delegate that access to firefox, so that the firefox
> profile does not need to be given broad access to the users directory.
Thanks for good example.
> For various reasons stacking (think of it as the intersection of profiles
> and hence a way to reduce permissions) has had to land first. That has largely
> happened (4.13 will have most of what is needed) and hopefully the remaining
> issues will be landed by 4.14.
That's sounds great!
More information about the AppArmor
mailing list