Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

auto-apply AppArmor profiles #368

Open
cyphar opened this issue Mar 29, 2021 · 1 comment
Open

auto-apply AppArmor profiles #368

cyphar opened this issue Mar 29, 2021 · 1 comment
Labels
security

Comments

@cyphar
Copy link
Member

cyphar commented Mar 29, 2021

It would be interesting to see if we can auto-apply AppArmor profiles if we are running as a privileged user (after all, we are only ever going to be modifying files inside the unpack directory and there are a whole host of rights we aren't going to be using).
@cyphar
Copy link
Member Author

cyphar commented Apr 5, 2021

(Though at this point there is a valid question of "why not just chroot at that point".) Maybe we should be applying security hardenings like that if possible, and if not then we fall back to the current approach (trust that our path sanitisation is safe).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@cyphar