ravthan / all-eyes

Automatically exported from code.google.com/p/all-eyes

Need to turn on the AppArmor inside the chroot jail #93

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
The AppArmor protection currently isn't turned on inside the chroot environment.

Original issue reported on code.google.com by toddd...@gmail.com on 20 Nov 2012 at 2:37

GoogleCodeExporter commented 8 years ago

Original comment by ravt...@gmail.com on 20 Nov 2012 at 3:01

GoogleCodeExporter commented 8 years ago

Original comment by ravt...@gmail.com on 20 Nov 2012 at 3:51

GoogleCodeExporter commented 8 years ago
This is an invalid bug.
This bug was filed because the 'root' id within the chroot jail could write into /proc entries. However, this is not true for monitors, since the 'ae' daemon lowers the privilege of the monitors to the 'ae' user id. So monitors, which are children of the 'ae' daemon, will have read access, as it has been explicitly allowed in the AppArmor policy for the 'ae' binary.
Verified and reasoned this with Ravi, and hence closing it.

Original comment by toddd...@gmail.com on 21 Nov 2012 at 2:19
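The closing comment rests on two properties of a monitor process: it runs entirely as the 'ae' user, and it is confined by an enforcing AppArmor profile. One way to check both from `/proc/<pid>/status` and `/proc/<pid>/attr/current` is sketched below as an added example, not code from the thread or the all-eyes project; the uid 999, the profile name `/usr/sbin/ae` and the sample text are constructed assumptions.

```python
import re

def parse_ids(status_text, field="Uid"):
    """Return (real, effective, saved, fs) IDs from /proc/<pid>/status text."""
    m = re.search(rf"^{field}:\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)", status_text, re.M)
    if m is None:
        raise ValueError(f"no {field} line in status text")
    return tuple(int(x) for x in m.groups())

def parse_confinement(attr_text):
    """Return (profile, mode) from /proc/<pid>/attr/current; mode is None if unconfined."""
    text = attr_text.strip("\x00\n ")
    m = re.fullmatch(r"(.+) \((\w+)\)", text)
    return (m.group(1), m.group(2)) if m else (text, None)

def audit_monitor(status_text, attr_text, expected_uid):
    """List reasons a monitor is not fully dropped to expected_uid and confined."""
    findings = []
    uids = parse_ids(status_text, "Uid")
    for name, uid in zip(("real", "effective", "saved", "fs"), uids):
        if uid != expected_uid:
            findings.append(f"{name} uid is {uid}, expected {expected_uid}")
    if 0 in parse_ids(status_text, "Gid"):
        findings.append("a gid is still 0 (root group)")
    profile, mode = parse_confinement(attr_text)
    if mode != "enforce":
        # Complain mode only logs, so it does not restrict /proc access.
        findings.append(f"AppArmor not enforcing (profile={profile!r}, mode={mode})")
    return findings

# Constructed samples: hypothetical uid 999 for 'ae', hypothetical profile name.
GOOD = ("Name:\tmonitor\nUid:\t999\t999\t999\t999\nGid:\t999\t999\t999\t999\n",
        "/usr/sbin/ae (enforce)\n")
# Saved uid left at 0: the process could regain root with seteuid(0).
BAD = ("Name:\tmonitor\nUid:\t999\t999\t0\t999\nGid:\t0\t0\t0\t0\n",
       "unconfined\n")

if __name__ == "__main__":
    for label, (status, attr) in (("good", GOOD), ("bad", BAD)):
        print(label, audit_monitor(status, attr, expected_uid=999) or "ok")
```

On a live system, pass the contents of the two `/proc` files for each monitor pid to `audit_monitor` in place of the constructed strings.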