https://bugzilla.novell.com/show_bug.cgi?id=561152

https://bugzilla.novell.com/show_bug.cgi?id=561152#c23

--- Comment #23 from Christian Boltz <suse-beta@cboltz.de> 2011-04-18 22:09:51 CEST ---

If I get it right (I don't know the internals of netconfig and dhclient), the problem is that admins can put various scripts in /etc/netconfig.d/, which are then executed.

What about using a rule with fallback permissions like

    /etc/netconfig.d/** PUxr,

This means: If an AppArmor profile exists for a script, it is used; otherwise the script runs unconfined.

Note: I never used PUx rules, therefore please test it before shipping a profile with it. I'm not even sure which version of AppArmor introduced the PUx rules, but 2.5.1 on 11.4 seems to support it.
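The fallback rule suggested in the comment above, set beside the other exec modes a profile could use for the same directory. This is an added example, not part of the original comment or of any shipped profile; the caller path `/usr/sbin/example-caller`, the script name `example-script` and the rules inside the script profile are hypothetical.

```apparmor
# Hypothetical profile for the program that runs the hook scripts.
/usr/sbin/example-caller {
  #include <abstractions/base>

  # Allow listing the hook directory.
  /etc/netconfig.d/ r,

  # Rule from the comment: use the script's own profile if one is
  # loaded, otherwise run the script unconfined. The upper-case form
  # scrubs the environment on exec.
  /etc/netconfig.d/** PUxr,

  # Alternatives for comparison. Only one exec mode may apply to a
  # given path, so these stay commented out.
  #
  # Always unconfined, even if a profile for the script exists:
  #   /etc/netconfig.d/** Uxr,
  #
  # Profile required: exec is denied for any script without one:
  #   /etc/netconfig.d/** Pxr,
  #
  # Own profile if loaded, otherwise stay inside this caller profile
  # (the script then needs its permissions granted here):
  #   /etc/netconfig.d/** Pixr,
}

# Hypothetical profile for one hook script. With the PUx rule above,
# this script is confined by these rules; every other script in the
# directory still runs unconfined until it gets a profile of its own.
/etc/netconfig.d/example-script {
  #include <abstractions/base>
  #include <abstractions/bash>

  # The script itself and its interpreter (assumed to be bash).
  /etc/netconfig.d/example-script r,
  /bin/bash rix,

  # Files the script is meant to manage (assumed for illustration).
  /etc/resolv.conf rw,
}
```

Profiles currently loaded in the kernel are listed in `/sys/kernel/security/apparmor/profiles`, which shows which scripts would take the profile branch of the PUx rule and which would fall back to unconfined.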