[apparmor] prompt qualifier?
Steve Beattie
steve at nxnw.org
Sat Nov 10 00:43:35 UTC 2012
On Fri, Nov 09, 2012 at 02:04:40PM -0800, John Johansen wrote:
> On 11/09/2012 01:43 PM, Steve Beattie wrote:
> > Hrm. What additional value does prompt add over only displaying that
> > which is allowed by existing apparmor policy? Unless you're concerned
> > about the difficulty of computing the latter... but don't you need to
> > compute that anyway, to ensure that the prompt rules aren't overruled
> > by deny rules?
> >
> Because this is about trusted pickers that are being used to extend apparmor
> policy. ie. the application may not have access to the file at all (so
> definitely not in the allowed set). The picker has access to the file but
> at this point its entirely at the pickers discretion what to display,
> policy has no hints as to possible restrictions beyond what is allowed (not
> even explicit deny is available atm).
Ah, right. Though if we exported the explicit Deny rules as a separate
DFA rather than incorporate it into the single DFA, you could prompt
about anything that wasn't explicitly denied.
That said, I think you've convinced me that this additional hint over
just Deny rules is probably for the best.
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20121109/627bed0b/attachment.pgp>
More information about the AppArmor
mailing list