[apparmor] Working principle of alias rules

rockit at openmailbox.org rockit at openmailbox.org
Wed Jul 18 14:14:08 UTC 2018


I have some questions about AppArmor alias rules. Is it correct that an alias rule won't directly have an influence on which files can be accessed on a certain rewritten path, i.e. the actual profile for the program is what matters more? Could you make a program less confined just by alias rules? Sure, you add another path, but on this path you are still allowed to only access files as described in the original profile of the program. Is this correct?
What is the reason a rewrite path for "/" -> "/rw/" does not apply to all the rules, i.e. you have to specifically rewrite other paths too, like "/var/" -> "/rw/var/"?

