Public bug reported:
It would be nice to add an apparmor profile for this package for
improved isolation as suggested in the latest MIR review at LP: #1828887
"""
3. We are also suggesting isolation a bit more nowadays
And in this particular case i think those tools will read disk metadata
(which could be tampered with) and do privileged things (so they run
with power).
At the same time they do very particular things in many dedicated
binaries, not general purpose "do all that is possible" which is hard to
isolate.
Therefore they'd be a great candidate to write apparmor profiles for.
But on the other hand, it is also a complex task as you'd need all kinds
of storage hardware and use cases to be sure all is covered.
As this is a re-review this suggestion is good, but not blocking/gating.
Furthermore the rust rewrite should at least improve memory safety and that all
code was re-looked at in this decade - so it did improve.
Feel free to create a bug or item tracker to come back to isolating it once
capacity allows.
"""
** Affects: thin-provisioning-tools (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2091871
Title:
Add apparmor profile
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/thin-provisioning-tools/+bug/2091871/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
