[Apparmor-dev] RFC: local profiles
John Johansen
jjohansen at suse.de
Fri Mar 7 17:32:35 MST 2008
John Johansen wrote:
> This is an idea I have been kicking around for awhile for a new x
> qualifier that I think would make profiling utility apps easier.
>
> The idea is to have a local, or subprofile set. The profiles in the set
> are local to the parent profile (ie. not globally visible) so that the
> utility programs can have profiles that make sense for that profile,
> instead of using ix for all utilities.
>
> To do this we can leverage profile namespaces, and stick the local
> profiles in a namespace. Then profile transitions from those profiles
> will search the local profile namespace.
>
> To hopefully clear things up, here is an example.
> Mutt can call out to all kinds of utils and many of them you may not
> want having their own global profile, or even may want them to behave
> with a different set of restrictions in mutt.
>
> So here is a partial mutt profile with some subprofiles
>
> #include <tunables/global>
> /usr/bin/mutt {
>   #include <abstractions/base>
>   #include <abstractions/bash>
>   #include <abstractions/nameservice>
>
>   /etc/Muttrc r,
>   /home/*/.muttrc r,
>   /home/*/Mail w,
>   /usr/bin/mutt mr,
>
>   # local send mail profile
>   /usr/bin/sendmail {
>     ...
>   }
>
>   # local vim profile
>   /usr/bin/vim {
>     ...
>     # named transition escaping to global profile namespace
>     /bin/foo x -> default:,
>   }
>
> }
>
Well I am going to reply to myself here and say that the more I think
about it the less I like not having a transition rule. It just seems
inconsistent. So I am going to propose changing the syntax slightly,
expanding on the syntax of the generalized transition model.
...
# local send mail profile
/usr/bin/sendmail x -> {
  ...
}
# in permission first format
x /usr/bin/sendmail -> {
  ...
}
Doing this makes the format a transition rule with the profile name
coming from the transition rule itself. I suppose it could go
as far as supplying a different profile name if so desired,
eg.
x /usr/bin/sendmail -> fooprofile {
  ...
}
which might be useful to humans looking at attached profile names,
but I expect its use would be rare in actual use.
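To make the lookup described in this thread concrete, here is an added toy model in Python (not part of the RFC, and not AppArmor's parser): subprofiles are stored in a namespace private to their parent, a subprofile's x transitions search only that local set, and an `ns:` prefix (`default:` in the post) escapes to a named namespace. The local namespace being named after the parent, and a missed lookup yielding no profile, are assumptions of this model.

```python
from dataclasses import dataclass, field
GLOBAL_NS = "default"  # the namespace that "default:" escapes to in the post

@dataclass
class Profile:
    name: str                                       # name the profile attaches to
    ns: str                                         # namespace it lives in
    exec_rules: dict = field(default_factory=dict)  # exec'd path -> target after "->"
    local_ns: str = ""                              # namespace of its inline subprofiles

class ProfileStore:
    def __init__(self):
        self.ns = {GLOBAL_NS: {}}                   # namespace -> {profile name -> Profile}
    def add_global(self, name, exec_rules=None):
        self.ns[GLOBAL_NS][name] = Profile(name, GLOBAL_NS, exec_rules or {})
        return self.ns[GLOBAL_NS][name]
    def add_local(self, parent, path, exec_rules=None, attach_as=None):
        """'x <path> -> [attach_as] { ... }' inside `parent`: stored in a namespace
        private to the parent (named after the parent here; a modelling choice)."""
        parent.local_ns = parent.local_ns or parent.name
        name = attach_as or path
        local = self.ns.setdefault(parent.local_ns, {})
        local[name] = Profile(name, parent.local_ns, exec_rules or {})
        parent.exec_rules[path] = name              # the rule itself is the x transition
        return local[name]

    def resolve(self, caller, path):
        """(namespace, profile) an exec of `path` from `caller` transitions to, or None
        on a miss (assumption: the post does not say; failing closed is the safe choice)."""
        if path not in caller.exec_rules:
            raise PermissionError(f"{caller.name}: no x rule for {path}")
        target = caller.exec_rules[path]
        if ":" in target:                           # explicit namespace, e.g. "default:"
            ns, _, name = target.partition(":")
            search, name = [ns], name or path
        else:                                       # own local set first, then own namespace
            search, name = [s for s in (caller.local_ns, caller.ns) if s], target
        for ns in search:
            if name in self.ns.get(ns, {}):
                return ns, name
        return None

def build_mutt_example():
    """The partial mutt profile from the post; vim escapes to the global /bin/foo."""
    store = ProfileStore()
    store.add_global("/bin/foo")
    mutt = store.add_global("/usr/bin/mutt")
    store.add_local(mutt, "/usr/bin/sendmail")
    vim = store.add_local(mutt, "/usr/bin/vim", {"/bin/foo": "default:"})
    return store, mutt, vim
```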