2015-04-15 20:45:15 |
John Johansen |
description |
It would be nice to have the ability to place static labels on files. I know that John has given this some thought in how it plays into existing AppArmor policy. The rules would look something like:
label=foo rw,
or
file label=bar r, |
It would be nice to have the ability to place static labels on files and make rules conditional upon the existence of a given label.
A rule can grant permission conditionally based on the label= conditional.
E.g.
label=foo rw, # a generic access rule for any rule type that maps rw permissions, so file, network, unix, ...
file label=bar r, # only allow r access to files with label of bar
The label on an object can be set via an assignment rule.
file create label:=foo /dev/bar,
The labels are stored in the security xattr. |
|