[Bug 208142] New: AppArmor and symlinked directories
https://bugzilla.novell.com/show_bug.cgi?id=208142

           Summary: AppArmor and symlinked directories
           Product: openSUSE 10.2
           Version: Alpha 4 plus
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Enhancement
          Priority: P5 - None
         Component: AppArmor
        AssignedTo: dreynolds@novell.com
        ReportedBy: suse-beta@cboltz.de
         QAContact: dreynolds@novell.com

AppArmor has a problem with symlinked directories: It always uses the symlink
target when matching the ruleset. The same happens for mount --bind mounted
directories.

This means you have to change lots of profiles if you symlink /tmp to
/var/roottmp for example.

I'd like to see an option to allow symlinks and mount --bind - of course with a
well-defined list of allowed symlinks to keep it secure.

For example, there could be a global config file with something like

    Alias /tmp /var/roottmp

which basically has the same results as changing the /tmp directory in all
profiles, but with less work (which would probably also be less error-prone).

(Variables don't really do this job - people can move and symlink nearly every
directory.)

(This was discussed on apparmor-general some weeks ago:
http://forge.novell.com/pipermail/apparmor-general/2006-August/000120.html )

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
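
The behaviour reported above and the proposed alias list, as an added example that is not part of the bug report and is not AppArmor code: a simplified model of path-glob matching on the symlink-resolved path. The function names, the glob translation and the temporary directory layout are assumptions made for illustration.

```python
import os
import re
import tempfile

def glob_to_regex(rule):
    """Simplified AppArmor path glob: '**' crosses '/', '*' does not."""
    out, i = [], 0
    while i < len(rule):
        if rule.startswith("**", i):
            out.append(".*")
            i += 2
        elif rule[i] == "*":
            out.append("[^/]*")
            i += 1
        else:
            out.append(re.escape(rule[i]))
            i += 1
    return re.compile("".join(out) + r"\Z")

def allowed(rules, path):
    """Match on the symlink-resolved path, the behaviour the report describes."""
    resolved = os.path.realpath(path)
    return any(glob_to_regex(r).match(resolved) for r in rules)

def apply_aliases(rules, aliases):
    """Add a copy of each rule rewritten for every explicitly listed alias."""
    extra = [new + r[len(old):]
             for r in rules for old, new in aliases if r.startswith(old)]
    return rules + extra

def demo():
    # Constructed layout under a temp dir: <root>/tmp -> <root>/var/roottmp
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.realpath(tmp)
        real_dir = os.path.join(root, "var", "roottmp")
        link = os.path.join(root, "tmp")
        os.makedirs(real_dir)
        os.symlink(real_dir, link)
        rules = [link + "/**"]                     # profile written for /tmp
        target = os.path.join(link, "session.lock")
        before = allowed(rules, target)            # rule never sees the target path
        aliased = apply_aliases(rules, [(link + "/", real_dir + "/")])
        after = allowed(aliased, target)
        unrelated = allowed(aliased, os.path.join(root, "etc", "shadow"))
        return before, after, unrelated

if __name__ == "__main__":
    print(demo())
```

Only prefixes named in the alias list are rewritten, so a path outside the listed directories stays denied even after the aliases are applied.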

https://bugzilla.novell.com/show_bug.cgi?id=208142

andreas.hanke@gmx-topmail.de changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |DUPLICATE

------- Comment #1 from andreas.hanke@gmx-topmail.de  2006-09-25 16:55 MST -------

*** This bug has been marked as a duplicate of bug 208141 ***

https://bugzilla.novell.com/show_bug.cgi?id=208142

suse-beta@cboltz.de changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED