[apparmor] Dynamic AppArmor rules
Marius Gripsgard
marius at ubports.com
Fri Sep 4 22:46:34 UTC 2020
Hi,
I saw a email from 2014 in this list about this exact topic, so I was
wondering if the situation has changed since then?
What I'm looking for is a way to allow a userspace service to reject or
allow certain rules, like for example a prompt that will ask the user
"Do you want to give app X access to Network". Ideally without the need
for the application to request access before making the call, where
apparmor would send a callback to a userspace helper on a call, this
helper would then process the event (asking the user or whatnot) and
send it back to apparmor with a allow or deny. This could be extremely
powerful in a way to provide a generic *permission handler* regardless
of application. Alternatively the app would need to request access
before doing the call, the userspace handler would then change if
apparmor should allow the calls in question or not .
Thank you
Marius Grispgard
More information about the AppArmor
mailing list