https://bugzilla.novell.com/show_bug.cgi?id=561152
https://bugzilla.novell.com/show_bug.cgi?id=561152#c23
--- Comment #23 from Christian Boltz 2011-04-18 22:09:51 CEST ---
If I get it right (I don't know the internals of netconfig and dhclient), the
problem is that admins can put various scripts in /etc/netconfig.d/, which are
then executed.
What about using a rule with fallback permissions like
/etc/netconfig.d/** PUxr,
This means: If an AppArmor profile exists for a script, it is used; otherwise
the script runs unconfined.
Note: I never used PUx rules, therefore please test it before shipping a
profile with it. I'm not even sure which version of AppArmor introduced the PUx
rules, but 2.5.1 on 11.4 seems to support it.
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.