Breaking A Novell Apparmor Profile Into Its Parts - Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual


Capability Entries
Capability entries are profile entries for any of the POSIX.1e Linux capabilities, allowing fine-grained control over what a confined process is allowed to do through system calls that require privileges.

Network Access Control Entries
Network Access Control Entries mediate network access based on the address type and family.

Local Variable Definitions
Local variables define shortcuts for paths.

File Access Control Entries
File Access Control Entries specify the set of files an application can access.

rlimit Entries
rlimit entries set and control an application's resource limits.
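
When reviewing a profile, it helps to inventory its rules by the entry types listed above. The following Python sketch is an added example, not part of the original manual: the sample profile, the @{FOO_DATA} variable and the classify_profile helper are constructed for illustration, and the patterns cover only the simple rule forms named in this list.

```python
import re
from collections import defaultdict

# Constructed sample profile (not from the manual), one rule of each entry type.
SAMPLE_PROFILE = """\
#include <tunables/global>
@{FOO_DATA} = /srv/foo/ /var/lib/foo/

/usr/bin/foo
{
   #include <abstractions/base>
   capability setgid,
   network inet tcp,
   /etc/foo.conf r,
   @{FOO_DATA}** rw,
   set rlimit nofile <= 1024,
}
"""

# Ordered (kind, pattern) pairs; the first pattern that matches wins.
RULE_KINDS = [
    ("include", re.compile(r"^#include\s+\S+")),
    ("comment", re.compile(r"^#")),
    ("variable", re.compile(r"^@\{\w+\}\s*\+?=")),
    ("capability", re.compile(r"^capability\b")),
    ("network", re.compile(r"^network\b")),
    ("rlimit", re.compile(r"^set\s+rlimit\b")),
    ("profile", re.compile(r"^/\S+\s*\{?$")),
    ("file", re.compile(r"^[/@]\S*\s+[rwaxlkmpPuUiIcC]+,$")),
]

def classify_profile(text):
    """Group the lines of an AppArmor profile by entry type."""
    found = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in ("{", "}"):
            continue  # blank lines and bare braces carry no rule
        for kind, pattern in RULE_KINDS:
            if pattern.search(line):
                if kind != "comment":
                    found[kind].append(line.rstrip(",").strip())
                break
        else:
            found["unclassified"].append(line)  # surface anything unrecognized
    return dict(found)

if __name__ == "__main__":
    for kind, rules in classify_profile(SAMPLE_PROFILE).items():
        print(f"{kind:12} {rules}")
```

Anything reported as unclassified is a rule form this sketch does not recognize and should be read by hand rather than assumed harmless.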

For help determining the programs to profile, refer to Section 20.2, "Determining Programs to Immunize" (page 190). To start building AppArmor profiles with YaST, proceed to Chapter 23, Building and Managing Profiles with YaST (page 225). To build profiles using the AppArmor command line interface, proceed to Chapter 24, Building Profiles from the Command Line (page 247).

21.1 Breaking a Novell AppArmor Profile into Its Parts

The easiest way of explaining what a profile consists of and how to create one is to show the details of a sample profile, in this case for a hypothetical application called /usr/bin/foo:

#include <tunables/global>

# a comment naming the application to confine
/usr/bin/foo
{
   #include <abstractions/base>

   capability setgid,
   network inet tcp,
