29 Aug
2014
29 Aug
'14
14:50
On 2014-08-29 16:05, pinguin74 wrote:
Hi there,
do AppArmor profiles really need to be world readable?
Would it hurt to set them to 640 or even 600?
Why should user processes need to read AA profiles? If they don´t need, they shouldn´t in the first place IMHO.
I mean, doesn´t only AA (=root) need to read them?
No, it needs root to write them. You don't need to hide the information from users, there are no secrets in them. Like fstab: users can read it, too. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)