[apparmor] Apparmor policy hide?
Jacek
wampir990 at gmail.com
Fri Mar 26 06:58:10 UTC 2021
Hi
Whenever a program tries to touch a forbidden resource, the system
(Apparmor?) replies Acces Denied.
Some programs may overreact in this case.
My suggestion for apparmor access policy:
add the hide option, which causes when the application tries to touch
the forbidden resource, it is also denied access, but with the message
"No such file or directory".
This will help avoid errors when the program tries to check, for example
/ sys / module / apparmor, / sys / kernel / security, or ~/.ssh/,
and will exit with a fatal error if access is denied.
Originally such a solution is in Grsecurity ACL:
Object modes: ...
h - This object is hidden.
https://grsecurity.net/gracldoc.htm
Regards
Jacek
More information about the AppArmor
mailing list