[apparmor] [PATCH] make private-files* more strict

Jamie Strandboge jamie at canonical.com
Fri Jan 7 16:56:23 UTC 2011


A bug was reported in Ubuntu[1] regarding disallowing access to
autostart directories. This patch takes that slightly farther and does:

abstractions/private-files: don't allow wl to autostart directories
abstractions/private-files-strict: don't allow access to:
  - chromium
  - thunderbird
  - evolution
  - kmail
  - kwallet

Nominated for 2.5. I'd be happy to see more additions to private-files*
as they are blacklists and therefore not complete, but at least with
this patch we add some important restrictions to kde, chromium and gui
email files (the intended focus being on passwords).

[1] https://launchpad.net/bugs/698194

-- 
Jamie Strandboge             | http://www.canonical.com