On Monday 11 December 2006 00:58, Crispin Cowan wrote:
Malte Gell wrote:
Older SUSE versions had a secumod kernel module that allowed some nice security enhancements, e.g. I liked (needed...) prohibiting a user from running programs within his home directory (or any other directory) a lot. There is no such tool / module for SUSE 10.x, right? Can newer AppArmor versions do such things (I still use SUSE 10.0 and AA 1.2)?
Follow the confined-shell procedure described below, and it will allow you to control the set of programs a user can run in great detail. For instance, you could grant permission in the confined shell profile for "/bin/* ix" and "/usr/bin/* ix" which would give the user access to a lot of programs, but not allow them to execute commands out of their own home directory.
IIRC there even was a similar procedure described somewhere in the AppArmor documentation, maybe it is exactly this one? Anyway, thanks, it might be what I'm looking for.

Malte
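
Added example, not part of the original thread or of the AppArmor documentation: a sketch of a confined-shell profile built around the two rules quoted in the reply ("/bin/* ix" and "/usr/bin/* ix"). The shell path /bin/confined-sh is a hypothetical name, and the abstractions and @{HOME} variable assume a current AppArmor installation with its stock tunables.

```apparmor
# Constructed example. /bin/confined-sh is a hypothetical path for the
# user's restricted login shell; it is not a name taken from the thread.
#include <tunables/global>

/bin/confined-sh {
  #include <abstractions/base>
  #include <abstractions/bash>
  #include <abstractions/consoles>
  #include <abstractions/nameservice>

  # The shell binary itself: map and read.
  /bin/confined-sh mr,

  # The rules from the reply: system programs may be executed and
  # inherit this profile (ix), so they are held to the same file rules.
  /bin/* ix,
  /usr/bin/* ix,

  # Home directory: data access only. No x permission is granted here,
  # and a profile denies whatever it does not grant, so executing a
  # program stored under the home directory is refused.
  @{HOME}/ r,
  @{HOME}/** rw,
}
```

Because every program started from this shell inherits the profile, any file such a program needs outside the listed paths has to be granted here as well.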