Thread: Can apparmor block execute any program in a specific dir?

  1. #1

    Can apparmor block execute any program in a specific dir?

    Hello,

    My plan is: prohibit execution of any program, including shell commands; only profiled programs could be executed. Can AppArmor do that?

    Thank you.

  2. #2

    Re: Can apparmor block execute any program in a specific dir?

    luke chen wrote:
    > can apparmor do that?


    you are welcome to hang out here waiting to see if someone knows the
    answer to your Q (i have no clue)....but, you might want to also ask
    on the Novell side (since they are the ones who created AppArmor)..

    your log in credentials here will work there:
    http://forums.novell.com/novell-prod...rums/apparmor/

    scratch around and you might even find the answer using their forums
    advanced search: http://forums.novell.com/search.php?f=330

    --
    DenverD (Linux Counter 282315)
    CAVEAT: http://is.gd/bpoMD
    posted via NNTP w/TBird 2.0.0.23 | KDE 3.5.7 | openSUSE 10.3
    2.6.22.19-0.4-default SMP i686
    AMD Athlon 1 GB RAM | GeForce FX 5500 | ASRock K8Upgrade-760GX |
    CMedia 9761 AC'97 Audio

  3. #3

    Re: Can apparmor block execute any program in a specific dir?

    Help me,

    I confined bash: I deleted the 'bash' entry in logprof.conf, then ran aa-genprof bash to generate the bash profile bin.bash, and then added the programs that I permit to run. In this situation, programs other than those listed in the bin.bash profile cannot be executed.

    But I have read that this behavior is not recommended, and I don't know why.

    If I want to confine any programs that are not listed in the 'white list', how can I do that? Thank you.

  4. #4

    Re: Can apparmor block execute any program in a specific dir?

    Thank you, thank you very much!

  5. #5

    confine bash to trust no softer

    Hello,

    I confined bash: I deleted the 'bash' entry in logprof.conf, then ran aa-genprof bash to generate the bash profile bin.bash, and then added the programs that I permit to run. In this situation, programs other than those listed in the bin.bash profile cannot be executed.

    But I have read that this behavior is not recommended, and I don't know why.

    If I want to confine any programs that are not listed in the 'white list', how can I do that? Thank you.

    I have already posted in the Novell forum, but it seems nobody has replied.

  6. #6

    Re: confine bash to trust no softer

    I think you are on the brink of creating trouble. Many Linux programs call other programs; you might allow the one you think you're running, and have it crash because you prohibited the underlying software.
    Please be a lot more specific about what you want to achieve.
    ° Appreciate my reply? Click the star and let me know why.

    ° Perfection is not gonna happen. No way.

    https://en.opensuse.org/openSUSE:Board#Members
    http://en.opensuse.org/User:Knurpht
    http://nl.opensuse.org/Gebruiker:Knurpht
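
The allow-list idea discussed in this thread, as an added example that is not part of any post: a constructed AppArmor profile for /bin/bash showing how exec permissions express "only listed programs may run" and where the breakage described in the last reply comes from. The program paths, the choice of allowed programs and the denied directories are assumptions for illustration.

```apparmor
# Constructed example profile; every path below is an assumption.
#include <tunables/global>

/bin/bash {
  #include <abstractions/base>
  #include <abstractions/bash>
  #include <abstractions/consoles>

  /bin/bash mr,

  # Inside a profile, execution is default-deny: a program with no
  # x rule here cannot be started from the confined shell.

  # "ix" runs the child under this same profile, so every helper the
  # child executes must also be listed here or the child fails.
  /bin/ls        ix,
  /bin/cat       ix,
  /usr/bin/less  ix,

  # "Px" switches the child to its own profile (which must exist and
  # be loaded); that profile then decides which helpers it may run.
  /usr/bin/man   Px,

  # Explicit deny for specific directory trees. A deny rule overrides
  # any allow rule and is not logged unless written as "audit deny".
  deny /home/*/bin/** x,
  deny /tmp/** x,
}
```

Because the profile is attached by path, it applies to every unconfined process that executes /bin/bash, including system scripts, so a rule missing from the allow-list surfaces as failures in unrelated software. Loading it in complain mode first (aa-complain) shows which executions would have been blocked before it is enforced.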
