[apparmor] allowing previous denied progs
Hajo Locke
Hajo.Locke at gmx.de
Tue May 27 07:47:18 UTC 2014
Hello,
thanks for your answer.
>> I assume you are using deny rules to provide the restriction, instead of
>> just relying on the policy being a white list.
yes, this is correct
>> Is it possible to deploy your base policy as a white list with out the
>> deny rules? Basically only specifying what is allowed, with the denied
>> programs, being denied by not having a rule allowing them?
I will give it a try. But creating a serverwide whitelist seems to be
more sophisticated then creating a short blacklist.
Thanks,
Hajo
More information about the AppArmor
mailing list