[cap-talk] A Taxonomy of Current Object-Cap Systems

Lorens Kockum cap-talk-193 at tagged.lorens.org
Thu Mar 5 13:59:42 EST 2009


On Thu, Mar 05, 2009 at 07:04:33PM +0100, Rob Meijer wrote:
> AppArmor provides the facilities for this taking away much ambient
> authority (for the filesystem). The iptables owner match provides the
> facilities for taking away ambient authority for networking.

Unfortunately, the iptables owner match would be a classic
example of an ambient authority ACL.

That said, I'd be interested in knowing if AppArmor could
*without invading the whole system* be made to "sandbox" a given
process in a plash-like way (like starting Netscape^WFirefox
with only read-only rights to their libs, a space for temp
files, rights to execute systems programs with read-write rights
only in the temp space...) That would eliminate a whole class of
problems right there.

-- 
Lorens


More information about the cap-talk mailing list