Re: AppArmor Security Goal

[John Johansen <jjohansen@suse.de>]

[-- Attachment #1: Type: text/plain, Size: 1693 bytes --]

On Sat, Nov 10, 2007 at 03:52:31PM -0800, david@lang.hm wrote:
> On Sat, 10 Nov 2007, Dr. David Alan Gilbert wrote:
>

<snip>

>
> a question for Crispin,
>   is there a wildcard replacement for username? so that you could grant 
> permission to /home/$user/.mozilla...... and grant each user access to only 
> their own stuff? I realize that in this particular example the underlying 
> DAC will handle it, but I can see other cases where people may want to have 
> users more intermixed (say webserver files or directories for example)
>
A variable no.  But the current iteration does allow specifying permissions
for files that are owned by the user.  The method to do so has been
changed from the current posting and may change again as their is some
debate as to how best express this.

So system policy can express something similar by doing

owner rw @{HOME}/.mozilla,

where @{HOME} is a user side variable that gets expanded into the
locations of the systems home directories.

>> Allowing a user to tweak (under constraints) their settings might allow
>> them to do something like create two mozilla profiles which are isolated
>> from each other, so that the profile they use for general web surfing
>> is isolated from the one they use for online banking.
>
> the model of being able to add restrictions would still handle this. make 
> two shell scripts (one to start each browser profile) and set the AA policy 
> for these scripts to only have access to the appropriate directories.
>
yes you could do this, though I tend to want it just so I can control
which of my files firefox should be able to touch, without messing
up system policy.

[-- Attachment #2: Type: application/pgp-signature, Size: 194 bytes --]