On Fr, 18.08.23 13:25, 嵩智 (dirksu@xxxxxxxxx) wrote:

> Hi all,
>
> I had a program which was launched by systemd, and had NoNewPrivileges=true in
> the service file. This program will use GIO subprocess to execute another
> program2. Program2 will fail to run if an AppArmor profile is applied to it.
> But if I mark NoNewPrivileges=true out, then everything works fine. Can
> NoNewPrivileges=true work with AppArmor together?

No AppArmor experts here. Please contact the AppArmor community instead. The
concept that NoNewPrivileges= exposes is called PR_SET_NO_NEW_PRIVS, hence
ask about AA compat with that.

Lennart

--
Lennart Poettering, Berlin
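
The flag named in the reply can be observed directly. As an added example (not part of the original thread and not systemd code), this C program sets PR_SET_NO_NEW_PRIVS in a child process and shows that the bit is inherited across fork() and kept across execve(), which is the path a program spawned from a NoNewPrivileges=true service takes. It assumes Linux with /proc mounted and /bin/sh and grep available; all function names are illustrative.

```c
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run fn in a forked child and return its exit status (-1 on failure). */
static int run_in_child(int (*fn)(void)) {
    int st;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(fn());
    if (waitpid(pid, &st, 0) < 0 || !WIFEXITED(st)) return -1;
    return WEXITSTATUS(st);
}

/* 1 if the calling process has no_new_privs set, 0 if not, 2 on error. */
static int report_flag(void) {
    int v = prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);
    return v < 0 ? 2 : v;
}

/* Replace the process image, then let the new program read its own flag
 * from /proc/self/status: exit 1 if "NoNewPrivs: 1" is present, else 0. */
static int exec_and_report(void) {
    execl("/bin/sh", "sh", "-c",
          "grep -q '^NoNewPrivs:[[:space:]]*1' /proc/self/status && exit 1; exit 0",
          (char *)NULL);
    return 2; /* only reached if execl failed */
}

/* Set the flag (it cannot be cleared again), then look at a descendant. */
static int set_then_fork(void) {
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return 2;
    return run_in_child(report_flag);
}
static int set_then_exec(void) {
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return 2;
    return run_in_child(exec_and_report);
}

/* Both helpers set the flag in a throwaway child so the caller stays unchanged. */
int nnp_survives_fork(void) { return run_in_child(set_then_fork); }
int nnp_survives_exec(void) { return run_in_child(set_then_exec); }

int main(void) {
    printf("after fork: %d\n", nnp_survives_fork());
    printf("after exec: %d\n", nnp_survives_exec());
    return 0;
}
```

The same `NoNewPrivs:` line in `/proc/<pid>/status` can be read for the spawned program of a running service to confirm it carries the flag.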