Re: [apparmor] Security modules and sending signals within the same process

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 11/30/18 9:54 AM, Casey Schaufler wrote:
> On 11/30/2018 7:14 AM, Florian Weimer wrote:
>> Is it guaranteed that tasks in the same thread group can always send
>> signals to each other, irrespective of their respective credentials
>> structs?
> 
> No. An LSM may chose to disallow this based on just about any
> criteria it desires.
> 

And apparmor is in fact doing this a few limited situations, userspace
has to request the profile change via an api, and regular policy
enforcement based on credentials mediates the signals. Its not
something we recommend but it has been used.





[Index of Archives]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux