[apparmor] Deny mount globally

Kobus Goosen kobuslgoosen at gmail.com
Fri Aug 30 06:42:37 UTC 2019


Hi,
I just wanted to ask if there is an elegant way to block
mounting/unmounting in general.
I have an industrial device that has a read-only rootfs, so there's limited
system damage that a user could make. However I'd like to disable mounting
so it's never possible to remount the rootfs in read/write mode.
My initial idea involved creating a profile for SSHD, and adding
"deny mount," to it. This initially worked (after I changed bash from Ux to ix),
but causes a host of other issues.


*Kobus Goosen *
*071 608 4149*
*kobuslgoosen at gmail.com*