User: Password:
|
|
Subscribe / Log in / New account

Kernel Summit 2006: Security

Kernel Summit 2006: Security

Posted Jul 25, 2006 21:04 UTC (Tue) by dlang (subscriber, #313)
In reply to: Kernel Summit 2006: Security by Method
Parent article: Kernel Summit 2006: Security

and the reply to this by AppArmor was that they are enhancing AA to look at the path to the file looking through the namespace mappings.

so you wouldn't have a policy that granted /.* to bind, you would have a policy that granted /chroot/.* to bind. thus if bind fails the chroot it would have no access to anything that it wouldn't have access to if the chroot suceeded (and it would then fail miserably since nothing was where it expected)

yes this was a real issue, but it's also a straightforward one to resolve.


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds