Kernel Summit 2006: Security
Posted Jul 25, 2006 21:04 UTC (Tue) by dlang (✭ supporter ✭, #313)
In reply to: Kernel Summit 2006: Security by Method
Parent article: Kernel Summit 2006: Security
and the reply to this by AppArmor was that they are enhancing AA to look at the path to the file looking through the namespace mappings.
so you wouldn't have a policy that granted /.* to bind, you would have a policy that granted /chroot/.* to bind. thus if bind fails the chroot it would have no access to anything that it wouldn't have access to if the chroot succeeded (and it would then fail miserably since nothing was where it expected)
yes this was a real issue, but it's also a straightforward one to resolve.