Message-ID: <4738E8A2.1060004@crispincowan.com>
Date: Mon, 12 Nov 2007 15:58:26 -0800
From: Crispin Cowan
To: Alan Cox
CC: david@lang.hm, "Dr. David Alan Gilbert", Arjan van de Ven, Linux Kernel Mailing List, LSM ML, apparmor-dev
Subject: Re: AppArmor Security Goal
In-Reply-To: <20071110235609.00958d87@the-village.bc.nu>

Alan Cox wrote:
>> but how can the system know if the directory the user wants to add is
>> reasonable or not? what if the user says they want to store their
>> documents in /etc?
>>
> A more clear example is wanting to wrap a specific tool with temporary
> rules. Those rules would depend on the exact file being edited at this
> moment - something root cannot know in advance
> (although with apparmor I guess mv $my_file apparmour_magic.name ; foo;
> mv it back might work 8))
>
If you have unconfined root privilege on an AppArmor box, then setting
up a temporary profile is trivial.

As Alan suggests, you could just have a standard profile for
/home/crispin/bin/foo and fun with mv would switch programs in and out
of it. Or for more control, just draft a new policy and load it; it just
takes a few seconds to cp the profile for something else and edit it a
bit, and then load it. The big difference between the former and latter
is that the former is inflexible (it either works or it doesn't) and the
latter requires privilege.

Crispin

--
Crispin Cowan, Ph.D.               http://crispincowan.com/~crispin
CEO, Mercenary Linux               http://mercenarylinux.com/
           Itanium. Vista. GPLv3. Complexity at work