[Apparmor-dev] armoring the network access
Markku Savela
msa at moth.iki.fi
Mon Sep 3 06:05:01 MDT 2007
> Hmmm. I don't have any other ideas. The security significance of a
> network rule is so context dependent.
>
> * "Can accept from" is much more dangerous from the internet than
> from some restricted address, but that's likely beyond vim's
> parsing ability, and we don't yet have addresses in this release.
> * "Can initiate connection" is perfectly safe in a client (Firefox)
> and very dangerous in a server (Apache) but how would vim know
> which a profile is?
> * ... etc. etc.
I'm jumping into the middle of the discussion, so I might be expressing
opinions that have already been discussed to death, but here is
some jumble of thoughts ....