Mailinglist Archive: opensuse-security (24 mails)

< Previous Next >
[opensuse-security] AA confining bash
With regard to the lates Bash Shock, I wonder does it make sense to
confine Bash with AppArmor after all?

I think to create a dedicated profile solely for Bash does not make
sense, because in general you want to be able to access everything with
Bash, right?

If an app wants to access Bash I envoke /bin/bash with the ix parameter,
this way Bash inherits the appĀ“s profile. Is this the only best way to
confine Bash? Or does a dedicated profile make sense?

Thanks

< Previous Next >