Hello, Am Sonntag, 24. August 2014 schrieb pinguin74:
When I look in your example profile, I see Cx somewhere and you define the profile for the child process within the main profile file, right? Thus you don´t need several profile files, you can put the child´s profile right into the main profile file, right?
Basically right.
When using Px or px you have to crate a seperate profile file for the corresponding application, right? This way, the application is always confined, no matter if called from within another profile or invoked solely, right?
Exactly.
For example I plan to confine gpg, thus it would be easier to use px and create a seperate gpg profile that can be called from within other profiles, right?
Correct. (However you should prefer Px over px to get environment variables like LD_PRELOAD etc. cleaned.) Regards, Christian Boltz -- Aber genauso können mir ja auch die Grünen leid tuen. Da bin ich doch lieber blau ... [Konrad Neitzel in suse-linux] -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org