Public bug reported:
Hi Colin,
The AppArmor profile loading interface has historically been restricted
to euid 0 with CAP_MAC_ADMIN. However we're interested in offering
AppArmor services to less-trusted and potentially malicious actors.
We'd love some deeper testing on the
/sys/kernel/security/apparmor/{.load,.remove.,replace} interfaces, and
stress-ng appears to be quite good at breaking things; it feels like an
ideal fit.
The corresponding code in the kernel is in
security/apparmor/policy_unpack.c
The corresponding code in the AppArmor parser is in
http://bazaar.launchpad.net/~apparmor-
dev/apparmor/master/view/head:/parser/parser_interface.c
The AppArmor team can be reached in #apparmor on irc.oftc.net or
#security on irc.canonical.com. for real-time conversation or
https://lists.ubuntu.com/mailman/listinfo/apparmor for more complicated
conversation.
Please consider adding support for AppArmor's interfaces to stress-ng.
Thanks!
** Affects: stress-ng (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1525021
Title:
please add apparmor profile load interface
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/stress-ng/+bug/1525021/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
