Re: [apparmor] Apparmor: Profile optimization
Thanks Seth and apologize I did not receive your response email. Will take a look before asking the question. Regards Murali.S On Tue, Apr 27, 2021, 7:56 AM Seth Arnold wrote: > On Mon, Apr 26, 2021 at 08:58:54PM +0530, Murali Selvaraj wrote: > > Hi John/Seth, > > > > Please clarify the below queries which we are looking for to define > > the profiles for embedded devices. > > Kindly do the needful. > > In what way was my response here not clear enough? > > https://lists.ubuntu.com/archives/apparmor/2021-April/012261.html > > When you don't understand something in one of our responses, *please* > address whatever it is that you didn't understand rather than just > re-asking the same question over and over again. > > It's not worth our time to just keep guessing about what you didn't > understand, or why you didnt understand it. You've got to help us out > here, you can't just demand over and over again. > > I'm happy to help people who are trying to learn but you've got to at > least *try* what we suggest and respond in kind. > > Thanks > -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
Re: [apparmor] Apparmor: Profile optimization
On Mon, Apr 26, 2021 at 08:58:54PM +0530, Murali Selvaraj wrote: > Hi John/Seth, > > Please clarify the below queries which we are looking for to define > the profiles for embedded devices. > Kindly do the needful. In what way was my response here not clear enough? https://lists.ubuntu.com/archives/apparmor/2021-April/012261.html When you don't understand something in one of our responses, *please* address whatever it is that you didn't understand rather than just re-asking the same question over and over again. It's not worth our time to just keep guessing about what you didn't understand, or why you didnt understand it. You've got to help us out here, you can't just demand over and over again. I'm happy to help people who are trying to learn but you've got to at least *try* what we suggest and respond in kind. Thanks signature.asc Description: PGP signature -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
Re: [apparmor] Apparmor: Profile optimization
On 4/16/21 10:48 AM, Murali Selvaraj wrote: > Hi All, > > We have observed few configuration files are present in /tmp which are > needed for certain processes. > For example, few of the files are hidden files located in /tmp/. > > In that case, shall we add below entry > > /tmp/** rw, > you could add that, it would cover all files in /tmp/ > or Do we need to add entries for file specific as below > > /tmp/file.txt r, > /tmp/.init_complete rw, > > Which would be the best way for security concern especially for > embedded devices ? > Please advise. > From a security stand point the more specific you can be the better. So if those file names don't change only granting access to those is more secure than the general globbing rule of /tmp/** rw, -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
Re: [apparmor] Apparmor: Profile optimization
Hi John/Seth, Please clarify the below queries which we are looking for to define the profiles for embedded devices. Kindly do the needful. Thanks Murali.S On Fri, Apr 16, 2021 at 11:18 PM Murali Selvaraj wrote: > > Hi All, > > We have observed few configuration files are present in /tmp which are > needed for certain processes. > For example, few of the files are hidden files located in /tmp/. > > In that case, shall we add below entry > > /tmp/** rw, > > or Do we need to add entries for file specific as below > > /tmp/file.txt r, > /tmp/.init_complete rw, > > Which would be the best way for security concern especially for > embedded devices ? > Please advise. > > Thanks > Murali.S -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
[apparmor] Apparmor: Profile optimization
Hi All, We have observed few configuration files are present in /tmp which are needed for certain processes. For example, few of the files are hidden files located in /tmp/. In that case, shall we add below entry /tmp/** rw, or Do we need to add entries for file specific as below /tmp/file.txt r, /tmp/.init_complete rw, Which would be the best way for security concern especially for embedded devices ? Please advise. Thanks Murali.S -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor