User: Password:
|
|
Subscribe / Log in / New account

AppArmor and chroot

AppArmor and chroot

Posted Jul 24, 2006 23:51 UTC (Mon) by sweikart (guest, #4276)
In reply to: Kernel Summit 2006: Security by Method
Parent article: Kernel Summit 2006: Security

> The great thing about this is that, for example, your bind
> "policy" gives access to /.* (that means any file on the
> filesystem), because it is assumed that bind is chrooted.
> ... This shows very clearly that apparmor is essentially a
> "fail open" security mechanism

If 'bind' is configured to chroot to e.g. /chroot/bind, then it seems like a mistake to have bind's AppArmor policy specify pathname-access with /.*; it seems like the policy should specify "real" path names, i.e. /chroot/bind/* . This way, AppArmor apps would "fail closed" rather then "fail open". [This methodology might also work with namespace changes.]

-scott


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds