[Pkg-samba-maint] [apparmor] Let's enable AppArmor by default (why not?)
Seth Arnold
seth.arnold at canonical.com
Tue Mar 20 00:37:03 UTC 2018
On Mon, Mar 19, 2018 at 10:10:02AM -0400, Marvin Renich wrote:
> Is there a way that an app (e.g. smbd) whose file access requirements
> change dynamically through admin and user configuration can at least
> inspect its own apparmor profile and give the user a clue that the admin
> must update the profile?
Our friends at SUSE have a script that automatically generates portions of
an AppArmor profile for Samba based on the Samba configuration:
https://bugzilla.novell.com/show_bug.cgi?id=688040
I'm not entirely sold on the idea, as a hand-authored security policy
can serve as belt-and-suspenders against misconfiguration or a broken
management system that allows unauthenticated users to create too-wide
shares.
The usability gain is undeniable.
Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-samba-maint/attachments/20180319/283dac4a/attachment-0001.sig>
More information about the Pkg-samba-maint
mailing list