Hello everyone,

I have a question I posted on Stack Overflow and the Ubuntu Stack Exchange with no luck.

My problem is the following:


I have a problem I am not sure how to solve in AppArmor.

Basically I have a profile that executes a program, let us say

    profile myprof {
      /my/executable ix,
    }

The problem is that from that executable, I call another executable, spawning a process, let us call it, /the/other/executable.

How can I make AppArmor give /my/executable permissions to call /the/other/executable? This will be done when /my/executable is already running, of course.

I saw the API for aa_change_hat and subprofiles: is that the way to go?

My ideal would be to be able to tell from the profile directly that /my/executable can use /the/other/executable. /the/other/executable should be able to read and write in the same places as /my/executable, so this could maybe be inherited.


Thanks for your time!

-- 
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor
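
An added example, not part of the original post: a profile in which the spawned program inherits the parent's confinement through an `ix` exec rule, so no aa_change_hat call is needed. It assumes the profile is attached to /my/executable; /my/data/ and the child profile name `other` are hypothetical.

```apparmor
# Added example. /my/executable and /the/other/executable are the
# placeholders from the post; /my/data/ is an assumed data directory.
#include <tunables/global>

profile myprof /my/executable {
  #include <abstractions/base>

  # The confined program may map and read its own binary.
  /my/executable mr,

  # ix = inherit execute: the spawned process stays under myprof,
  # so it is held to exactly the same rules as the parent.
  /the/other/executable ix,

  # Read/write location shared by parent and child (assumed path).
  /my/data/ r,
  /my/data/** rw,

  # Alternative when the child should get its own, tighter rule set:
  # replace the ix rule above with a transition to a child profile.
  #   /the/other/executable Cx -> other,
  #   profile other {
  #     #include <abstractions/base>
  #     /the/other/executable mr,
  #     /my/data/** rw,
  #   }
}
```

Without an exec rule matching /the/other/executable, the exec is denied and shows up as an AppArmor DENIED audit message with requested_mask "x" in the kernel log.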
