apparmor: don't allow mounts and paths manipulation - firejail - Mirror of https://github.com/netblue30/firejail

diff options

author	Vincent43 <31109921+Vincent43@users.noreply.github.com>	2019-11-24 23:05:00 +0100
committer	Vincent43 <31109921+Vincent43@users.noreply.github.com>	2019-11-24 23:05:00 +0100
commit	c1af59c9f31816127b43d10109c005661dd96c32 (patch)
tree	59909eb0587e404ef0c2558fd86c9e1189d13196 /RELNOTES
parent	apparmor: allow access to pcscd socket (smartcards) (diff)
download	firejail-c1af59c9f31816127b43d10109c005661dd96c32.tar.gz firejail-c1af59c9f31816127b43d10109c005661dd96c32.tar.zst firejail-c1af59c9f31816127b43d10109c005661dd96c32.zip

apparmor: don't allow mounts and paths manipulation

AppArmor security relies on path based rules and rewriting paths may allow to bypass them. Those actions are priveliged so vast majority of apps shouldn't need them anyway. If some app need those rules then it's better to consider them as unsuitable for apparmor option rather than weaken generic profile for all apps. See related issue reported by apparmor usage in snap: https://bugs.launchpad.net/snapd/+bug/1791711

Diffstat (limited to 'RELNOTES')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: