[apparmor] [PATCH] abstractions/private-files updates for shells
Steve Beattie
steve at nxnw.org
Mon Apr 18 19:09:11 UTC 2011
On Mon, Apr 18, 2011 at 09:03:49AM -0500, Jamie Strandboge wrote:
> Bug #761217[1] came in to add several zsh files to the private-files
> abstraction. This patch does that and adds a few others (with light
> refactoring) after reading the manpages for dash, bash, zsh, csh, tcsh
> and pdksh.
Are you nominating this for 2.6?
Also, I haven't followed the development of the private-files and
private-files-strict abstractions closely; that said, I'm mildly
dubious of preventing read access to bashrc et alia in private-files
rather than private-files-strict; I think it might make it less usable
for ssh-force-command types of behaviors where a script might be the
only thing allowed to be invoked and backstopped by apparmor.
I guess I'd like to see the reasoning behind why something should go
into one or the other.
Thanks.
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20110418/e191ac8a/attachment.pgp>
More information about the AppArmor
mailing list