Can AppArmor block execution of any program in a specific dir?

Hello,

My plan is: prohibit execution of any program, including shell commands, so that only profiled programs can be executed. Can AppArmor do that?

thank you.

luke chen wrote:
> can apparmor do that?

you are welcome to hang out here waiting to see if someone knows the
answer to your Q (i have no clue)…but, you might want to also ask
on the Novell side (since they are the ones who created AppArmor)…

your log in credentials here will work there:
http://forums.novell.com/novell-product-support-forums/apparmor/

scratch around and you might even find the answer using their forums
advanced search: http://forums.novell.com/search.php?f=330


DenverD (Linux Counter 282315)

help me,

I confined bash: I deleted the ‘bash’ entry in logprof.conf, then ran aa-genprof bash to generate the bash profile bin.bash, and then added the programs that I allow to run. In this situation, programs other than those listed in the bin.bash profile cannot be executed.

But I have read that this behavior is not recommended, and I don’t know why.

If I want to confine any programs that are not listed in the ‘white list’, how can I do it? Thank you.

Thank you, thank you very much! :)

hello,

I confined bash: I deleted the ‘bash’ entry in logprof.conf, then ran aa-genprof bash to generate the bash profile bin.bash, and then added the programs that I allow to run. In this situation, programs other than those listed in the bin.bash profile cannot be executed.

But I have read that this behavior is not recommended, and I don’t know why.

If I want to confine any programs that are not listed in the ‘white list’, how can I do it? Thank you.

I have already posted in the Novell forum, but it seems nobody has replied.

I think you are on the brink of creating trouble. Many Linux programs call other programs; you might allow the one you think you’re running, and have it crash because you prohibited the underlying software.
Please be a lot more specific about what you want to achieve.
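
The whitelist setup discussed in this thread, as an added example that is not part of any post: a profile for /bin/bash in which only listed programs may be executed. The program paths, the script /usr/local/bin/report.sh and the file rules are assumptions chosen for illustration; the point is that every helper an allowed program calls needs its own rule.

```apparmor
# /etc/apparmor.d/bin.bash  (constructed example; program paths are assumptions)
#include <tunables/global>

/bin/bash {
  #include <abstractions/base>
  #include <abstractions/bash>
  #include <abstractions/consoles>
  #include <abstractions/nameservice>

  # The shell itself: read, map, and re-execute under this same profile.
  /bin/bash mrix,

  # Files the shell may read and write (assumed layout).
  @{HOME}/ r,
  @{HOME}/** rw,
  /tmp/** rw,

  # Whitelist: ix = run the program confined by THIS profile, so anything
  # it executes in turn is checked against the same list.
  /bin/ls rix,
  /bin/cat rix,

  # Px = switch to the program's own profile, with a scrubbed environment.
  # The exec is refused unless a profile for /usr/bin/less is loaded.
  /usr/bin/less Px,

  # Hypothetical script. Every helper it calls must be listed too,
  # otherwise the script starts and then fails partway through.
  /usr/local/bin/report.sh rix,
  /bin/date rix,
  /bin/gzip rix,

  # There is no other x rule, so any other exec from this shell is denied
  # in enforce mode and recorded as a denied event in the audit log.
}
```

Loading the profile in complain mode first (aa-complain) records what would have been denied without blocking it, which shows which helpers are still missing from the list.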