touch-packages team mailing list archive

Thread
Date

[Bug 1444679] Re: Support for static file labels

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Jamie Strandboge <jamie@xxxxxxxxxx>
Date: Tue, 21 Apr 2015 12:55:58 -0000
Reply-to: Bug 1444679 <1444679@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Also affects: apparmor (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: apparmor (Ubuntu)
       Status: New => Confirmed

** Changed in: apparmor (Ubuntu)
   Importance: Undecided => Medium

** Tags added: application-confinement

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1444679

Title:
  Support for static file labels

Status in AppArmor Linux application security framework:
  Confirmed
Status in apparmor package in Ubuntu:
  Confirmed

Bug description:
  It would be nice to have the ability to place static labels on files
  and make rules conditional upon the existence of a given label.

  A rule can grant permission conditionally based on the label=
  conditional.

  Eg.
   label=foo rw,   # a generic access rule for any rule type that maps rw permissions, so file, network, unix, ...

  
   file label=bar r,   # only allow r access to files with label of bar

  
  The label on an object can be set via an assignment rule.
    file create label:=foo /dev/bar,

  The labels are stored in the security xattr.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1444679/+subscriptions