New feature: re-attached path #559
Comments
This is what I don't understand. |
As |
Ah, understood! Thanks! |
Why not |
@beroal Because it is not what we want. If a profile doesn't have the |
Is it |
For more context, see https://apparmor.pujol.io/development/internal/#re-attached-path
AppArmor 4.0 provides the attach_disconnect.path flag allowing to reattach this path to a prefix that is not /. When used it provides an important security improvement from AppArmor 3.0.

The plan is to use attach_disconnect.path by default and automatically on all profiles with the attach_disconnect flag. The attached path is set to a @{att}, a new dynamically generated variable set at build time in the preamble of all profiles to be:

- @{att}=/att/<profile_name> for profile with attach_disconnect flag.
- @{att}=/ for other profiles

@{att}=/

Internal

- abstractions/attached/base abstraction
- abstractions/attached/consoles abstraction
- attach build tasks:
  - attach_disconnected.path flag on all profiles with the attach_disconnected flag
  - attached/base abstraction in the profile
  - @{att}=/

Tasks

- attach_disconnect have been updated to use @{att} when required.
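
The build-time rewrite described in this issue, modelled as an added example (it is not the project's own code): a profile carrying the attach_disconnected flag gets @{att}=/att/<profile_name> in its preamble and the path flag in its header, any other profile gets @{att}=/. The function name `reattach`, the sample profiles, the flag spelling attach_disconnected.path=<path> and the choice to include abstractions/attached/base as the first line of the profile body are assumptions of this sketch.

```python
import re

# Constructed sample profile (not taken from the project).
ATTACHED = """\
abi <abi/4.0>,
include <tunables/global>

@{exec_path} = @{bin}/foo
profile foo @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
  @{exec_path} mr,
}
"""
# Same profile without the flag, renamed to "bar".
PLAIN = ATTACHED.replace(" flags=(attach_disconnected)", "").replace("foo", "bar")

HEADER = re.compile(r"^profile\s+(?P<name>\S+)[^\n]*\{[ \t]*$", re.M)
FLAGS = re.compile(r"flags=\(([^)]*)\)")


def reattach(profile: str) -> str:
    """Hypothetical model of the build step: define @{att}, set the path flag."""
    header = HEADER.search(profile)
    if header is None:
        raise ValueError("no profile header found")
    name, line = header.group("name"), header.group(0)
    found = FLAGS.search(line)
    flags = [f.strip() for f in found.group(1).split(",")] if found else []
    head, tail = profile[:header.start()], profile[header.end():]
    if "attach_disconnected" not in flags:
        # Not re-attached: @{att} is the real root, profile left unchanged.
        return head + "@{att}=/\n" + line + tail
    att = f"/att/{name}"
    if not any(f.startswith("attach_disconnected.path") for f in flags):
        flags.append(f"attach_disconnected.path={att}")
    line = FLAGS.sub(lambda _: "flags=(" + ",".join(flags) + ")", line)
    # Assumption: the task includes the attached/base abstraction first.
    line += "\n  include <abstractions/attached/base>"
    return head + f"@{{att}}={att}\n" + line + tail


if __name__ == "__main__":
    print(reattach(ATTACHED))
    print(reattach(PLAIN))
```

Because rules written against @{att} resolve to / in unflagged profiles, the same abstraction text can be shared by both kinds of profile.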