On 05/27/2015 12:22 PM, William Hua wrote: > Hi, > Hi! > Currently, there's no way in Apparmor to sandbox applications from > accessing any setting in a user's dconf database other than preventing > access altogether. We want to add a new rule to the policy format to > permit this. Here's the proposed syntax: > > [audit] dconf <dconf-path> [r|rw], > I'll let others comment on the kernel patch, but I'm wondering if explicit deny rules make sense for dconf? I'm not sure why they wouldn't; this would change the above to:
[audit] [deny] dconf <dconf-path> [r|rw], -- Jamie Strandboge http://www.ubuntu.com/
signature.asc
Description: OpenPGP digital signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
