diff options
author | Vincent43 <31109921+Vincent43@users.noreply.github.com> | 2019-11-24 23:05:00 +0100 |
---|---|---|
committer | Vincent43 <31109921+Vincent43@users.noreply.github.com> | 2019-11-24 23:05:00 +0100 |
commit | c1af59c9f31816127b43d10109c005661dd96c32 (patch) | |
tree | 59909eb0587e404ef0c2558fd86c9e1189d13196 /SECURITY.md | |
parent | apparmor: allow access to pcscd socket (smartcards) (diff) | |
download | firejail-c1af59c9f31816127b43d10109c005661dd96c32.tar.gz firejail-c1af59c9f31816127b43d10109c005661dd96c32.tar.zst firejail-c1af59c9f31816127b43d10109c005661dd96c32.zip |
apparmor: don't allow mounts and paths manipulation
AppArmor security relies on path based rules and rewriting paths
may allow to bypass them.
Those actions are priveliged so vast majority of apps shouldn't need
them anyway. If some app need those rules then it's better to
consider them as unsuitable for apparmor option rather than weaken
generic profile for all apps.
See related issue reported by apparmor usage in snap:
https://bugs.launchpad.net/snapd/+bug/1791711
Diffstat (limited to 'SECURITY.md')
0 files changed, 0 insertions, 0 deletions