Hi,
On 11/05/13 08:10, phree...@yandex.ru wrote:
Fresh AppArmor is available for further development.
The end result should be fully automatic confinement configuration for all
services configured using nixos options without extraConfig and such, a
feature
which would be unique to
Hi,
On 13/05/13 15:49, Eelco Dolstra wrote:
BTW, do you know if AppArmor profiles allow granting capabilities to a process
(rather than merely allowing capabilities they already have)? That way we
could
get rid of setuid ping entirely, simply by having a profile for
On Понедельник 13 мая 2013 15:49:49 Eelco Dolstra wrote:
Hi,
On 11/05/13 08:10, phree...@yandex.ru wrote:
Fresh AppArmor is available for further development.
The end result should be fully automatic confinement configuration for all
services configured using nixos options without
Fresh AppArmor is available for further development.
The end result should be fully automatic confinement configuration for all
services configured using nixos options without extraConfig and such, a feature
which would be unique to NixOS.
Currently, AppArmor ships with a single profile which
Thanks for getting this started. I have had some interest in finding out
the time and effort it would take to confine some services. The ping
example should help me get started
Thanks again.
On Sat, May 11, 2013 at 1:10 AM, phree...@yandex.ru wrote:
Fresh AppArmor is available for further