I am running a web service in which I basically allow the user to run any custom code. I use AppArmor to prevent malicious use. I am using Apache2 apparmor module with a ^hat profile to restrict privileges for my service.
However I am starting to doubt if this can actually be done. Because I allow the user to run any code, it can potentially try to call aa_change_hat, or create hard links to system files, etc. Will this work, or will AppArmor prevent this? -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
