[Apparmor-dev] Re: AppArmor Security Goal
Dr. David Alan Gilbert
linux at treblig.org
Sat Nov 10 16:47:06 MST 2007
* david at lang.hm (david at lang.hm) wrote:
That I wrote:
> >If the adminisrator set something up with (2) as the starting point it
> >would seem reasonable for the user to be able to add the ability to edit
> >documents in extra directories for their style of organising documents
> >they work on; but they would be restricted in what they could add
> >so that they couldn't add the ability to write to their settings
> >files.
>
> but how can the system know if the directory the user wants to add is
> reasonable or not? what if the user says they want to store their
> documents in /etc?
I was assuming that in a system where the user can add stuff to
the profile the administrator would be able to either grant or exclude
paths that the user was able to add.
Dave
--
-----Open up your eyes, open up your mind, open up your code -------
/ Dr. David Alan Gilbert | Running GNU/Linux on Alpha,68K| Happy \
\ gro.gilbert @ treblig.org | MIPS,x86,ARM,SPARC,PPC & HPPA | In Hex /
\ _________________________|_____ http://www.treblig.org |_______/
More information about the Apparmor-dev
mailing list