Hello, Am Montag, 25. August 2014 schrieb pinguin74:
For example I plan to confine gpg, thus it would be easier to use px and create a seperate gpg profile that can be called from within other profiles, right?
Correct. (However you should prefer Px over px to get environment variables like LD_PRELOAD etc. cleaned.)
What is the default behaviour of AA, does it clean variables when using "rix" for example?
AppArmor cleans environment variables when using an _uppercase_ *x rule (Px, Cx, Ux). ix is only available in lowercase, which also means the environment isn't cleaned when using ix. (Same for px, cx and ux.) Regards, Christian Boltz -- After a little bit of thinking* [...] * yes, I do it sometimes and yes, it usually hurts and leads to bad stuff, I'll try not to do it again [Jos Poortvliet in opensuse-factory] -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org