Execute Modes - Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual
Hide thumbs
Also See for LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009:
- Administration manual (338 pages) ,
- Deployment manual (246 pages) ,
- Application manual (364 pages)
Table of Contents
Advertisement
21.8 Execute Modes
Execute modes, also named profile transitions, consist of the following modes:
px
cx
ux
ix
m
21.8.1 Discrete Profile Execute Mode (px)
This mode requires that a discrete security profile is defined for a resource executed at
an AppArmor domain transition. If there is no profile defined, the access is denied.
WARNING: Using the Discrete Profile Execute Mode
px does not scrub the environment of variables such as LD_PRELOAD. As a
result, the calling domain may have an undue amount of influence over the
called item.
Incompatible with Ux, ux, Px, and ix.
21.8.2 Discrete Local Profile Execute Mode
As px, but instead of searching the global profile set, cx only searches the local profiles
of the current profile. This profile transition provides a way for an application to have
alternate profiles for helper applications.
212
Security Guide
Discrete profile execute mode
Discrete local profile execute mode
Unconstrained execute mode
Inherit execute mode
Allow PROT_EXEC with mmap(2) calls
(cx)
Advertisement
Table of Contents
