On 11/3/18, John Johansen wrote:
> A task invoking the no_new_privs prct >
https://www.kernel.org/doc/Documentation/prctl/no_new_privs.txt

Okay, so I just did a strace on 'man' and see that it calls that
function with the nnp parameter before attempting to execve the child
processes that fail to execute.

Okay -- I get it now: While nnp normally works fine if the executable
is unconstrained, once AppArmor assigns a security label to the
executable, it's game over because the LSM system asks AppArmor to do
something it cannot -- prove the future profile transition has the same
permissions. I thought the child processes were asking for additional
security, but that's not the case.

This means that since all non-kernel processes have a label with the
FullSystemPolicy setup, this is an unavoidable problem -- there is no
way to remove a label once assigned. It's ironic that a function
designed to help secure a system is what is responsible for preventing
whitelisting.

I assume I'll run into a similar issue with SELinux since this is an LSM
label transition thing then? Man, this Linux whitelisting search is
turning out to be the holy grail.

--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
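
The strace check described in the message above, as an added example that is not part of the original post: it walks `strace -f` output, tracks which PIDs set no_new_privs (and the children that inherit it), and reports every execve that fails afterwards. The function name `nnp_exec_failures` is hypothetical, and the trace lines, PIDs, paths and errno are constructed sample values.

```python
import re

# Constructed `strace -f`-style lines (sample data, not from the original post).
SAMPLE = """\
4100  execve("/usr/bin/man", ["man", "ls"], 0x7ffd0 /* 20 vars */) = 0
4100  clone(child_stack=NULL, flags=CLONE_CHILD_SETTID|SIGCHLD) = 4101
4101  prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) = 0
4101  clone(child_stack=NULL, flags=SIGCHLD) = 4102
4102  execve("/usr/bin/preconv", ["preconv"], 0x55d0 /* 20 vars */) = -1 EPERM (Operation not permitted)
4100  clone(child_stack=NULL, flags=SIGCHLD) = 4103
4103  execve("/usr/bin/pager", ["pager"], 0x55d0 /* 20 vars */) = 0
"""

# "<pid>  <syscall>(<args>) = <ret> [ERRNO ...]" as printed by `strace -f`.
LINE = re.compile(
    r'^(?P<pid>\d+)\s+(?P<call>\w+)\((?P<args>.*)\)\s+=\s+(?P<ret>-?\d+)'
    r'(?:\s+(?P<errno>E[A-Z0-9]+))?'
)
SPAWN = {"fork", "vfork", "clone", "clone3"}


def nnp_exec_failures(trace):
    """Return (pid, path, errno) for each execve that failed in a task
    that had no_new_privs set, directly or by inheritance."""
    nnp = set()        # PIDs known to carry the no_new_privs flag
    findings = []
    for raw in trace.splitlines():
        m = LINE.match(raw)
        if not m:
            continue   # skips unfinished/resumed, signal and exit lines
        pid, call, args, ret = m["pid"], m["call"], m["args"], int(m["ret"])
        if call == "prctl" and ret == 0 and re.match(r'PR_SET_NO_NEW_PRIVS,\s*1\b', args):
            nnp.add(pid)
        elif call in SPAWN and ret > 0 and pid in nnp:
            nnp.add(str(ret))          # the flag is inherited by children
        elif call == "execve" and ret == -1 and pid in nnp:
            path = args.split('"')[1] if '"' in args else "?"
            findings.append((pid, path, m["errno"]))
    return findings


if __name__ == "__main__":
    for pid, path, errno in nnp_exec_failures(SAMPLE):
        print(f"pid {pid}: execve {path} failed with {errno} after no_new_privs")
```

Matching each reported PID and path against the AppArmor denial entries in the kernel or audit log shows whether the profile transition was the cause of a given failure.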