-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2016-12-14 09:32, jdd wrote:
Le 14/12/2016 à 09:28, Carlos E. R. a écrit :
On 2016-12-14 09:19, jdd wrote:
if this is an ongoing problem, apparmor could probably help you.
dunno how, if the attacker uses "official" disk access methods
Doesn't matter. AA can confine any process you configure to confine.
sure, but "official" access may be nedded for the app work :-)
Ah, you mean that the confined app will need to write into the directories it serves for write. True. But not outside, meaning that it would not be able to compromise the system, "only" the served data. - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlhRCeYACgkQja8UbcUWM1xasgD6A3IkQ5/y9YTHpuJdsgdY/CG4 /uMjgn1ugoK4zas5syUA/jfp0ePQKjgDRzG964MfTziFUFMoslXAy75oJqcJKZ+3 =/eTS -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org