support environment filtering

Bug #1045985 reported by Jamie Strandboge on 2012-09-04
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
AppArmor
Low
Unassigned
apparmor (Ubuntu)
Low
Unassigned
linux (Ubuntu)
Low
Unassigned

Bug Description

Confined applications have too much control over executables due to a lack of environment filtering in AppArmor. Bug #851986 is one such example. While we have employed the sanitized_helper to help, it should not be considered the final solution as it causes usability issues and is limited in what it can achieve. This bug is to track the environment filtering work.

Changed in apparmor (Ubuntu):
importance: Undecided → High
status: New → Triaged
Changed in apparmor (Ubuntu):
status: Triaged → In Progress
assignee: nobody → John Johansen (jjohansen)
Changed in apparmor (Ubuntu):
assignee: John Johansen (jjohansen) → nobody
status: In Progress → Triaged
tags: added: aa-feature
Changed in apparmor (Ubuntu):
importance: High → Medium
Changed in apparmor (Ubuntu):
importance: Medium → Low
summary: - AppArmor should support environment filtering
+ support environment filtering
Changed in apparmor:
importance: Undecided → Low
status: New → Triaged
Changed in apparmor (Ubuntu):
status: Triaged → Confirmed
Changed in linux (Ubuntu):
status: New → Confirmed
importance: Undecided → Low
tags: added: aa-kernel
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers