[Apparmor-dev] AppArmor Security Goal 0.3
Lincoln Yeoh
lyeoh at pop.jaring.my
Mon Oct 29 08:14:01 MDT 2007
At 06:13 PM 10/29/2007, you wrote:
>Enhanced with more comments from Andreas.
>
>This post is dual-format ASCII and HTML for my editing convenience.
>The final post to LKML will be pure ASCII.
>
>Thanks,
> Crispin
> * AppArmor confines processes if they are children of a confined
> process, or if the name of the exec'd child matches the name of an
> AppArmor profile. Another process could copy a program to a
> different path name and then execute it without confinement, but
> the other process would have to have permission to do so in the
> first place. To prevent this, confined the other process and
> additional applications until adequate security is achieved.
Typo? confined the other => confine the other.
Link.
More information about the Apparmor-dev
mailing list