Hi
Whenever a program tries to touch a forbidden resource, the system
(Apparmor?) replies Acces Denied.
Some programs may overreact in this case.
My suggestion for apparmor access policy:
add the hide option, which causes when the application tries to touch
the forbidden resource, it is also denied access, but with the message
"No such file or directory".
This will help avoid errors when the program tries to check, for example
/ sys / module / apparmor, / sys / kernel / security, or ~/.ssh/,
and will exit with a fatal error if access is denied.
Originally such a solution is in Grsecurity ACL:
Object modes: ...
h - This object is hidden.
https://grsecurity.net/gracldoc.htm
Regards
Jacek
--
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
