True. Even to me this does not make sense. I think we need to restructure just to avoid any problems in future.
On Sun, Mar 11, 2012 at 4:18 AM, Seth Arnold <seth.arn...@gmail.com> wrote:
> It does seem odd, but if m and r permission are granted then the program
> could do the moral equivalent of an exec entirely in memory itself -- with
> the exception of setuid, setgid, or setfacl capabilities, which the profile
> will confine anyhow.
>
> Thus I think the full set makes sense.
>
> ------Original Message------
> From: John Johansen
> Sender: apparmor-boun...@lists.ubuntu.com
> To: apparmor
> Subject: [apparmor] File rule question
> Sent: Mar 10, 2012 5:50 PM
>
> So in 2.8 the ability to specify all files via
>
> file,
>
> instead of having to do
>
> /** rwlkmix,
>
> the question is should this short cut provide all those permissions or should
> we separate out exec permissions. It seems odd to me that saying you have
> access to all files means you also can exec anything even if it remains
> confined by the current profile.
>
> --
> AppArmor mailing list
> AppArmor@lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/apparmor
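A profile audit for the question raised in this thread, added here as an example and not code from the list or from the AppArmor project: it finds allow rules that cover the whole filesystem and reports whether each one carries exec (`x`) or executable-mmap (`m`) permission. It assumes, as the thread states, that a bare `file,` stands for `/** rwlkmix,`; the rule matcher is a simplification of the profile grammar, and the sample profile and its paths are constructed.

```python
import re

# Assumption taken from the thread: in 2.8 a bare "file," rule is shorthand
# for "/** rwlkmix,".
FILE_SHORTHAND = ("/**", "rwlkmix")

QUALS = r"(?P<quals>(?:(?:audit|owner|deny)\s+)*)"
# Simplified matchers: optional qualifiers, then "PATH PERMS," or bare "file,".
RULE = re.compile(r"^\s*" + QUALS + r"(?P<path>/\S*)\s+(?P<perms>[A-Za-z]+)\s*,\s*(?:#.*)?$")
BARE_FILE = re.compile(r"^\s*" + QUALS + r"file\s*,\s*(?:#.*)?$")

def blanket_grants(profile_text):
    """Return (line_no, rule, can_exec, can_mmap_exec) for every allow rule
    that covers the whole filesystem ("/**" or the bare "file," shorthand)."""
    findings = []
    for no, line in enumerate(profile_text.splitlines(), 1):
        m = BARE_FILE.match(line)
        if m:
            path, perms = FILE_SHORTHAND
        else:
            m = RULE.match(line)
            if not m:
                continue
            path, perms = m.group("path"), m.group("perms")
        # Deny rules and rules scoped below "/" are not blanket grants.
        if "deny" in m.group("quals").split() or path != "/**":
            continue
        findings.append((no, line.strip(), "x" in perms, "m" in perms))
    return findings

# Constructed sample profile (hypothetical program and paths).
SAMPLE = """\
profile demo /usr/bin/demo {
  file,
  /** rwlkm,
  /usr/bin/helper ix,
  deny /** w,
  owner /home/** rw,
}
"""

if __name__ == "__main__":
    for no, rule, can_exec, can_mmap in blanket_grants(SAMPLE):
        print(f"line {no}: {rule!r} exec={can_exec} mmap-exec={can_mmap}")
```

The `mmap-exec` column is reported separately because of the point made in the reply: with `m` and `r` granted everywhere, dropping `x` from a blanket rule does not by itself stop code from being loaded and run in memory under the same profile.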