[apparmor] Apparmor Link rules
John Johansen
john.johansen at canonical.com
Thu Apr 22 05:18:15 UTC 2021
On 4/21/21 6:23 PM, Hans Gruber wrote:
> Hello,
>
> I'm trying to secure and restrict access of a bash script which need to perform actions on a symlink (update timestamp and create it if missing).
>
currently link rules are hard links only. Symlinks are treated like regular files, and mediation is done post symlink traversal so that they can't be used as an attack vector.
> Is it possible to use an AppArmor Link Rules for a symbolic link or is it only for hard link ?
> I don't find information about symbolic link.
>
atm hardlink only, we are investigating extending it to be able to mediate symlinks
> According to AppArmor Core Policy Reference at https://gitlab.com/apparmor/apparmor/-/wikis/AppArmor_Core_Policy_Reference only hard link is specified.
>
> Bash script use ln which requires two rules
> /path/symlink rw,
> /path/[A-Za-Z0-9][A-Za-Z0-9][A-Za-Z0-9][A-Za-Z0-9][A-Za-Z0-9][A-Za-Z0-9][A-Za-Z0-9][A-Za-Z0-9] rw,
>
> The second one is required because ln create a temporary file as /path/CgX8vf6d and it names
> changes each time. Without this rule ln fail and audit record denied access for /path/CgX8vf6d in creation.
> But I don't like this rule because it opens potential access to all files in /path in rw which is a sensitive folder.
>
> I would like to know if it's possible to use a link rule to avoid the second one which require rw for read and creation.
>
> I tried using a link rule but it never worked but it could be misuse by myself.
>
Unfortunately at this time this seems to be required.
> Thank you in advance.
>
> Regards
>
>
>
>
>
>
More information about the AppArmor
mailing list