[Apparmor-dev] Re: AppArmor Security Goal
david at lang.hm
david at lang.hm
Sat Nov 10 21:50:34 MST 2007
On Sat, 10 Nov 2007, John Johansen wrote:
> On Sat, Nov 10, 2007 at 03:52:31PM -0800, david at lang.hm wrote:
>> On Sat, 10 Nov 2007, Dr. David Alan Gilbert wrote:
>
>>> Allowing a user to tweak (under constraints) their settings might allow
>>> them to do something like create two mozilla profiles which are isolated
>>> from each other, so that the profile they use for general web surfing
>>> is isolated from the one they use for online banking.
>>
>> the model of being able to add restrictions would still handle this. make
>> two shell scripts (one to start each browser profile) and set the AA policy
>> for these scripts to only have access to the appropriate directories.
>>
> yes you could do this, though I tend to want it just so I can control
> which of my files firefox should be able to touch, without messing
> up system policy.
right, I was showing how you could easily create two different firefox
browsers being able to access different things, and how it could be done
with user-based policies that tighten restrictions only (which are being
considered)
David Lang
More information about the Apparmor-dev
mailing list