[apparmor] Apparmor full system policy - Dracut module?

2019-01-27 Thread Jacek
Hi. Question about Apparmor full system policy. https://gitlab.com/apparmor/apparmor/wikis/FullSystemPolicy I am looking for a Dracut module to load Apparmor policy on boot, before /sbin/init, similar to the SELinux module: https://github.com/dracutdevs/dracut/tree/master/modules.d/98selinux

Re: [apparmor] Bug#914370: cups-daemon: AppArmor profile allows cupsd to create setuid binaries under /etc

2019-01-27 Thread intrigeri
Hi John & others, John Johansen: > Policy can be adjusted to include trap profiles that will attach > to binaries executed out of these directories. The trap profile > can grant limited to no permissions. > [...] > short term: confine users & a trap profile(s) on the /etc/cups dir I was not able

Re: [apparmor] Bug#914370: cups-daemon: AppArmor profile allows cupsd to create setuid binaries under /etc

2019-01-27 Thread Christian Boltz
Hello, On Sunday, 27 January 2019, 15:01:40 CET, intrigeri wrote: > John Johansen: > > Policy can be adjusted to include trap profiles that will attach > > to binaries executed out of these directories. The trap profile > > can grant limited to no permissions. > > [...] > > short term: confine

Re: [apparmor] Apparmor full system policy - Dracut module?

2019-01-27 Thread intrigeri
Hi Jacek, Jacek: > What should the correct code of the Apparmor policy module look like to > Dracut? I'm not aware of any actual implementation of what this document suggests, but had I to write it, I would start there:

Re: [apparmor] Apparmor full system policy - Dracut module?

2019-01-27 Thread John Johansen
On 1/27/19 12:49 PM, intrigeri wrote: > Hi Jacek, > > Jacek: >> What should the correct code of the Apparmor policy module look like to >> Dracut? > > I'm not aware of any actual implementation of what this document nothing released, there was a wip and I have rolled an initrd startup by hand a

Re: [apparmor] Bug#914370: cups-daemon: AppArmor profile allows cupsd to create setuid binaries under /etc

2019-01-27 Thread intrigeri
Control: severity -1 minor Good evening Christian, hi again everyone! (some AppArmor stuff first, then a question for the CUPS folks) Christian Boltz: > My guess is that John meant something like that: > /etc/cups/** Cx -> trap, > profile trap { > # intentionally left empty > } Ah,