Hi Daniel,

On Wed, Aug 30, 2017 at 09:40:32PM +0200, daniel curtis wrote:
> ✓ /bin/ps Cx,
> profile /bin/ps {
>
> [NEEDED RULES]
>
> }
>
> }
>
> The "/bin/ps" child profile structure is straightforward, but I'm wondering
> whether it is OK? I'm asking just to be one hundred percent sure. Nothing

Yes, this is good. Be sure to #include <abstractions/base> in this child
profile, and the rest should be easy enough. Your suggested updates to
more modern rules with variables make sense too.

> What do you think about such an idea - an idea of creating a Child Profile for
> "/bin/ps" utility? Could it make Firefox more secure? (My opinion, mainly
> refers to the comment: "Ideally these would use a child profile." See
> above.)

ps is old enough that I strongly doubt it can be negatively influenced by
malicious processes, so it may not actually have any real impact on system
security. However, the principle of reducing privileges available to
processes on the system is solid, and if nothing else it's good practice.

Thanks
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
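
The advice in the reply above (a `Cx` rule needs a nested child profile, and that child should include `<abstractions/base>`) can be checked mechanically. The following lint is an added example, not part of the original message or of AppArmor itself; the sample profile, its helper paths and the function names are constructed. It assumes plain `path Cx,` rules (no `->` named transitions) and no braces inside comments.

```python
import re

# Constructed sample: parent profile with three Cx transitions. Only /bin/ps
# has a child profile that pulls in abstractions/base.
SAMPLE = """\
profile firefox-example /opt/example/firefox {
  #include <abstractions/base>

  /bin/ps Cx,
  /usr/bin/example-helper Cx,
  /usr/bin/example-missing Cx,

  profile /bin/ps {
    #include <abstractions/base>
    # [NEEDED RULES]
  }

  profile /usr/bin/example-helper {
    /usr/bin/example-helper r,
  }
}
"""

# "path <perms containing Cx/cx/Cux>," on one line
CX_RULE = re.compile(r"^[ \t]*(/\S+)[ \t]+\w*[Cc]u?x\w*[ \t]*,", re.M)
CHILD_HEAD = re.compile(r"^[ \t]*profile[ \t]+(\S+)[ \t]*\{", re.M)
BASE_INCLUDE = re.compile(r"^[ \t]*#?include[ \t]+<abstractions/base>", re.M)

def child_profiles(text):
    """Map each 'profile NAME {' block to its brace-matched body."""
    blocks = {}
    for m in CHILD_HEAD.finditer(text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        blocks[m.group(1)] = text[m.end():i - 1]
    return blocks

def lint_cx(text):
    """Report Cx targets with no child profile or no abstractions/base."""
    kids, findings = child_profiles(text), []
    for target in CX_RULE.findall(text):
        if target not in kids:
            findings.append((target, "no child profile"))
        elif not BASE_INCLUDE.search(kids[target]):
            findings.append((target, "child profile lacks abstractions/base"))
    return findings

if __name__ == "__main__":
    for target, problem in lint_cx(SAMPLE):
        print(f"{target}: {problem}")
```

This only checks structure; `apparmor_parser` remains the authority on whether the profile compiles.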
