[Apparmor-general] profile for proftpd and chrooted users
Crispin Cowan
crispin at novell.com
Mon Jul 30 04:17:44 MDT 2007
Dieter Bloms wrote:
> does it make sense to write a profile for proftpd with chrooted users ?
> I asked because the users get a chroot directory and I have to allow
> access to / with lrw permissions.
>
Wait for openSUSE 10.3. It should include a feature enhancement so that
the paths used by AppArmor will be absolute with respect to the name
space, rather than the chroot jail. With this feature in place, AppArmor
profiles composed with chroot jails will be more secure than either one
alone.
Crispin
--
Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/
Director of Software Engineering http://novell.com
AppArmor Chat: irc.oftc.net/#apparmor
More information about the Apparmor-general
mailing list