[apparmor] Improving policy abstractions
Seth Arnold
seth.arnold at gmail.com
Tue Aug 10 11:01:48 BST 2010
Now that I don't know the abstractions as well as I used to (thanks Jamie! :) I find myself wondering just what permissions are being granted.
Specifically, I have wanted something like:
#include (authentication, read)
To make sure I'm not accidentally granting write access to my auth databases.
Or
#include (authentication, files)
So I don't wind up supporting a dozen different auth tools I don't have.
Of course, I'm scared of parameterized policy, it runs the very real risk of growing into a hydra, perhaps your idea of further constraining it into types makes sense. (And types would be neat for networking and probably IPC too.)
More information about the AppArmor
mailing list