profile /usr/bin/foo {
...
}
/usr/bin/foo {
...
}
Unattached profiles are never used automatically, nor can they be transitioned to through a px rule. They need to be attached to a program by either using a named profile transition (see Section 21.8.7, “Named Profile Transitions” (page 254)) or with the change_profile rule (see Section 21.2.5, “Change rules” (page 243)).
Unattached profiles are useful for specialized profiles for system utilities that generally should not be confined by a system-wide profile (for example, /bin/bash). They can also be used to set up roles or to confine a user.
21.2.3 Local Profiles
Local profiles are a convenient way to provide specialized confinement for utility programs launched by a confined application. They are specified just like standard profiles except they are embedded in a parent profile and begin with the profile keyword:
/parent/profile {
  ...
  profile local/profile {
    ...
  }
}
To transition to a local profile, either use a cx rule (see Section 21.8.2, “Discrete Local Profile Execute Mode (cx)” (page 252)) or a named profile transition (see Section 21.8.7, “Named Profile Transitions” (page 254)).
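The following added example (not taken from the Security Guide) puts the unattached and local profile descriptions above into one policy file: a parent profile that reaches a local profile through a cx rule and an unattached profile through a named profile transition and a change_profile rule. The daemon path /usr/sbin/exampled, its helper, the file paths and the profile name restricted_shell are all hypothetical, and the named-transition and change_profile syntax shown is an assumption to be checked with apparmor_parser against the installed AppArmor version.

```apparmor
#include <tunables/global>

# Standard (attached) profile: the name is the path of the confined binary.
# /usr/sbin/exampled is a hypothetical daemon used only for illustration.
/usr/sbin/exampled {
  #include <abstractions/base>

  /etc/exampled.conf r,
  /var/log/exampled.log w,

  # cx: execute the helper under the local profile of the same name,
  # defined further down inside this parent profile.
  /usr/lib/exampled/helper cx,

  # Named profile transition: /bin/bash started by the daemon runs under
  # the unattached profile "restricted_shell" instead of unconfined.
  /bin/bash px -> restricted_shell,

  # change_profile rule: the daemon itself may switch to the unattached
  # profile at run time.
  change_profile -> restricted_shell,

  # Local profile: embedded in the parent and introduced by the
  # profile keyword. It confines only the helper.
  profile /usr/lib/exampled/helper {
    #include <abstractions/base>

    /usr/lib/exampled/helper mr,
    /var/spool/exampled/** rw,
  }
}

# Unattached profile: the name is not a path, so it is never applied
# automatically. It is only reachable through the two rules above.
profile restricted_shell {
  #include <abstractions/base>

  /bin/bash mr,
  /etc/profile r,
  @{HOME}/** r,
}
```

Because restricted_shell has no path-based attachment, /bin/bash started from anywhere else on the system is unaffected by it; only the transitions declared in the parent profile bring it into play.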
21.2.4 Hats
AppArmor "hats" are local profiles with some additional restrictions and an implicit rule allowing change_hat to be used to transition to them. Refer to Chapter 25, Profiling Your Web Applications Using ChangeHat (page 315) for a detailed description.
242
Security Guide
Contents: LINUX ENTERPRISE DESKTOP 11
Page 1: ...SUSE Linux Enterprise Server www.novell.com 11 March 17, 2009 Security Guide...