3 Oct
2014
3 Oct
'14
20:42
With regard to the lates Bash Shock, I wonder does it make sense to confine Bash with AppArmor after all? I think to create a dedicated profile solely for Bash does not make sense, because in general you want to be able to access everything with Bash, right? If an app wants to access Bash I envoke /bin/bash with the ix parameter, this way Bash inherits the app´s profile. Is this the only best way to confine Bash? Or does a dedicated profile make sense? Thanks