[apparmor] allowing previous denied progs
Hajo Locke
Hajo.Locke at gmx.de
Tue May 27 06:32:24 UTC 2014
Hello,
we use apparmor to secure apache and restrict some paths and progs we do
not want our users to execeute.
For this reason we packaged a standardversion of our rules, which is
installed on our servers. depending on servertyp we want to allow some
previous denied progs by other rules which are included afterwards.
This seems to be a problem, because it seems it is not possible to allow
progs which are denied in any rule. Is this true?
This is a problem for us, because we cannot deploy/update a set of
standardrules by our packages and finalize the situation with handmade
serverindividual rules, which are included at the finish. What shall we
do in this situation?
Thanks,
Hajo
More information about the AppArmor
mailing list