Simon Deziel wrote (19 Mar 2015 12:26:59 GMT) :
> On 03/19/2015 05:47 AM, intrigeri wrote:
>> lots of our profiles give access to things like
>> @{PROC}/@{pid}/[something], which in my understanding:
>>
>> 1. is unnecessarily wide open most of the time: the process often
>> only needs to gather information about itself, not about any other
>> process, right?
> Maybe "owner" could help with that?
Yep, that's the workaround I had in mind. Now, since we're going to
have a variable to do it properly some day, then I *personally* won't
invest time in adding "owner" everywhere I care: validating this kind
of change isn't very cheap.

Cheers,
--
intrigeri
--
AppArmor mailing list
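
A small audit helper for the situation discussed in this thread, added here as an example and not part of the original message or of AppArmor's own tooling: it lists file rules on `@{PROC}/@{pid}/` paths that lack the `owner` qualifier, so each can be reviewed individually. The function name, the sample profile and the simplified rule grammar (single-line, path-first rules) are assumptions.

```python
import re

# Simplified grammar (assumption): optional qualifiers, then a path starting
# with @{PROC}/@{pid}/, then a permission string, then the closing comma.
RULE = re.compile(
    r'^\s*(?P<quals>(?:(?:audit|deny|allow|owner)\s+)*)'
    r'(?P<path>@\{PROC\}/@\{pid\}/\S*)\s+(?P<perms>[a-zA-Z]+)\s*,'
)

def unowned_proc_rules(profile_text):
    """Return (line_number, path, perms) for each @{PROC}/@{pid}/ rule that
    grants access without the 'owner' qualifier. 'deny' rules are skipped
    because they remove access rather than grant it."""
    findings = []
    for number, line in enumerate(profile_text.splitlines(), start=1):
        code = line.split('#', 1)[0]  # ignore comments and #include lines
        match = RULE.match(code)
        if not match:
            continue
        quals = match.group('quals').split()
        if 'deny' in quals or 'owner' in quals:
            continue
        findings.append((number, match.group('path'), match.group('perms')))
    return findings

# Constructed sample profile, not taken from any shipped profile.
SAMPLE = """\
# constructed sample
profile example /usr/bin/example {
  @{PROC}/@{pid}/status r,
  owner @{PROC}/@{pid}/fd/ r,
  @{PROC}/@{pid}/maps r,  # candidate for review
  deny @{PROC}/@{pid}/mem rw,
  audit @{PROC}/@{pid}/cmdline r,
  /etc/example.conf r,
}
"""

if __name__ == "__main__":
    for number, path, perms in unowned_proc_rules(SAMPLE):
        print(f"line {number}: {path} {perms} (no 'owner' qualifier)")
```

The output is a list of candidates only; as the message above notes, each change to a profile still has to be validated against the confined program.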