David Wagner wrote:Also, things like:
James Morris wrote:It was a simplicity trade off at the time, when AppArmor was mostly
[...] you can change the behavior of the application and then bypass policy entirely by utilizing any mechanism other than direct filesystem access: IPC, shared memory, Unix domain sockets, local IP networking, remote networking etc.[...]
Just look at their code and their own description of AppArmor.My gosh, you're right. What the heck? With all due respect to the
developers of AppArmor, I can't help thinking that that's pretty lame.
I think this raises substantial questions about the value of AppArmor.
What is the point of having a jail if it leaves gaping holes that
malicious code could use to escape?
And why isn't this documented clearly, with the implications fully
I would like to hear the AppArmor developers defend this design decision.
aimed at servers, and there was no HAL or DBUS. Now it is definitely a
limitation that we are addressing. We are working on a mediation system
for what kind of IPC a confined process can do