Re: [apparmor] Support for owner specification
On Wed, Aug 24, 2016 at 09:10:35PM +0200, azu...@pobox.sk wrote:
> >On Wed, Aug 24, 2016 at 10:46:49AM +0200, azu...@pobox.sk wrote:
> >> owner=fred
> Can I, somehow, speed up the implementation? To financially sponsor it for
> example?

Not that I know of, all the engineers that are familiar enough with the
code to implement the feature are already over-tasked as it is. :(

Thanks

--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor

Re: [apparmor] Support for owner specification
Quoting Seth Arnold:

> On Wed, Aug 24, 2016 at 10:46:49AM +0200, azu...@pobox.sk wrote:
>> owner=fred
>> owner=1001
>> owner=(fred)
>> owner=(fred george)
>> owner=(fred 1001)
>> Is this still not supported? If not, when will it be? Is support missing
>> only in userspace tools or directly in kernel?
>
> Hello Azur, none of these are supported yet; they aren't on any roadmap
> either. It would be a nice feature to have but other features and bugfixes
> are currently higher priority.
>
> Thanks

Hello Arnold,

Can I, somehow, speed up the implementation? To financially sponsor it for
example?

Re: [apparmor] Support for owner specification
On Wed, Aug 24, 2016 at 10:46:49AM +0200, azu...@pobox.sk wrote:
> owner=fred
> owner=1001
> owner=(fred)
> owner=(fred george)
> owner=(fred 1001)
> Is this still not supported? If not, when will it be? Is support missing
> only in userspace tools or directly in kernel?

Hello Azur, none of these are supported yet; they aren't on any roadmap
either. It would be a nice feature to have but other features and bugfixes
are currently higher priority.

Thanks

[apparmor] Support for owner specification
Hi,

this is written in the AppArmor wiki
( http://wiki.apparmor.net/index.php/AppArmor_Core_Policy_Reference ):

===
extended ownership tests (not currently supported)

If the optional equal operator is used then, the test is not against the
euid/fsuid but that the object has the same uid as the uid(s) following
the equal sign. eg.

owner=fred
owner=1001
owner=(fred)
owner=(fred george)
owner=(fred 1001)
===

Is this still not supported? If not, when will it be? Is support missing
only in userspace tools or directly in kernel?

I would like to implement something like grsecurity's 'trusted path
execution' (only binaries owned by root can be executed).

Thank you for info and hints.

azur
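
An added illustration, not part of the original thread and not AppArmor code: a userspace Python example of the semantics described in the quoted wiki excerpt, where the object's uid is compared with the uid(s) after the equal sign, applied as a report-only audit of executables in a directory (the "owned by root" idea from the original question). The function names and the `lookup` parameter are hypothetical; nothing here enforces policy.

```python
import os
import pwd
import re

# Forms from the wiki excerpt: owner=NAME, owner=UID, owner=(ITEM ITEM ...)
_OWNER_RE = re.compile(r"^owner=(?:\(([^()]*)\)|([^\s()]+))$")


def parse_owner_spec(spec, lookup=None):
    """Return the frozenset of uids named by an 'owner=' specification."""
    # lookup maps a user name to a uid and raises KeyError when unknown
    lookup = lookup or (lambda name: pwd.getpwnam(name).pw_uid)
    m = _OWNER_RE.match(spec.strip())
    if not m:
        raise ValueError(f"not an owner= specification: {spec!r}")
    items = m.group(1).split() if m.group(1) is not None else [m.group(2)]
    if not items:
        raise ValueError("empty owner list")
    uids = set()
    for item in items:
        if item.isdigit():              # numeric uid, e.g. owner=1001
            uids.add(int(item))
        else:                           # user name, e.g. owner=fred
            try:
                uids.add(lookup(item))
            except KeyError:
                raise ValueError(f"unknown user: {item!r}") from None
    return frozenset(uids)


def object_owner_matches(path, spec, lookup=None):
    """Test the object's own uid (st_uid), not the caller's euid/fsuid."""
    return os.lstat(path).st_uid in parse_owner_spec(spec, lookup)


def untrusted_executables(directory, spec="owner=0", lookup=None):
    """List regular executable files whose owner is outside the spec."""
    allowed = parse_owner_spec(spec, lookup)
    found = []
    for entry in sorted(os.scandir(directory), key=lambda e: e.name):
        st = entry.stat(follow_symlinks=False)
        executable = st.st_mode & 0o111
        if entry.is_file(follow_symlinks=False) and executable:
            if st.st_uid not in allowed:
                found.append(entry.path)
    return found
```

The default `owner=0` reports executables not owned by root; a check like this only observes ownership at scan time and does not restrict execution.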