On 4/5/06, Crispin Cowan <[EMAIL PROTECTED]> wrote:
> Pascal Meunier wrote:
> > but as you posted an example profile with "capability setuid", I must
> > admit I am curious as to why an email client needs that.
> Well now that is a very good question, but it has nothing to do with
> AppArmor. The AppArmor learning mode just records the actions that the
> application performs. With or without AppArmor, the Thunderbird mail
> client is using cap_setuid. AppArmor gives you the opportunity to *deny*
> that capability, so you can try blocking it and find out. But for
> documentation on why Thunderbird needs it, you would have to look at
> mozilla.org not the AppArmor pages.

Does cap_setuid give a program enough authority to break out of the AppArmor profile?

Regards,
Brian

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
