Mailinglist Archive: opensuse-security (49 mails)

< Previous Next >
Re: [opensuse-security] secumod like solution for SUSE 10.x?
  • From: Malte Gell <malte.gell@xxxxxx>
  • Date: Mon, 11 Dec 2006 21:25:54 +0100
  • Message-id: <200612112125.55259.malte.gell@xxxxxx>
On Monday 11 December 2006 00:58, Crispin Cowan wrote:
> Malte Gell wrote:
> > older SUSEn had a secumod kernel module that allowed some nice
> > security enhancements, e.g. I liked (needed...) prohibiting a user
> > from running programs within his home directory (or any other
> > directory) a lot. There is no such tool / module for SUSE 10.x,
> > right? Can newer AppArmor versions do such things (I still use SUSE
> > 10.0 and AA 1.2)?

> Follow the confined-shell procedure described below, and it will
> allow you to control the set of programs a user can run in great
> detail. For instance, you could grant permission in the confined
> shell profile for "/bin/* ix" and "/usr/bin/* ix" which would give
> the user access to a lot of programs, but not allow them to execute
> commands out of their own home directory.

IIRC there even was a similar procedure somewhere described in the
Apparmor documentation, maybe it is exactly this one? Anyway, thanx, it
might be what I´m looking for.

Malte
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx

< Previous Next >