On 8.10.2006 03:56, Crispin Cowan wrote:
> AppArmor currently does not have a way to do this, but it is in our road map. The idea would be a "default profile" that applies to *any* process started, which does not otherwise have an explicit profile. The problem with the default profile approach is that this profile has to simultaneously satisfy 2 requirements:
> 1. Be "tight" enough that a process confined only by the default profile cannot corrupt AppArmor itself.
> 2. Be "loose" enough that administrative processes, such as YaST and RPM, can still function.
I see. Hope you will come up with a solution!
> * The security of the default profile will be exceptionally weak if it is a negative profile. This is for all the usual security weaknesses of a default allow policy.
OK, but how would this 'weakness' be any different than the current state, where there is no profile assigned at all to most of the processes? If the default negative profile is empty, that would mean 'access granted' by default, which won't corrupt anything.
> * The usability of the system will be severely compromised if the default profile is a positive (normal) profile. *Every* process in the system will be subject to this default profile, and so lots of "normal" UNIX administrative procedures won't work.
A default restrictive profile could render the system completely unusable. That's why I guess the default profile should be negative only. If it is positive, it would truly need a lot of time to develop.
> Therefore, using the default profile feature is likely to be appropriate only for specialized situations where the configuration can be limited to a specific need, and therefore its administrative needs will be relatively simple.
Exactly! My situation is like this. But having the tools to do this only gives the administrator more options. It means that the administrator should be paying more attention, too. Good luck with the project!

--
Blade hails you...

All the same take me away
We're dead to the world
--Nightwish