Update AppArmorObjectDelegation

John Johansen 2023-12-25 10:39:27 +00:00
parent bdaaf80528
commit 137fff7dc2

@ -34,9 +34,14 @@ Delegation of Authority via objects is a way to limit delegation to objects (fil
Object delegation has similarities
# Policy directed delegation
# Policy directed delegation (inheritance)
Policy directed delegation is done on behalf of the task at exec time (domain transition) without any additional task initiated action. It provides a means of specifying which open file objects can be inherited without [revalidation](???).
``` move this
In effect it is defining a new custom extended profile except that ipc rules to the profile label will continue to work and there is the possibility of partial dynamic replacement.
```
Policy directed delegation is done on behalf of the task at exec time without any additional task initiated action and is expressed as extending a task's profile with additional rules. In effect it is defining a new custom extended profile except that ipc rules to the profile label will continue to work and there is the possibility of partial dynamic replacement.
It is important to note that policy directed delegation is done at exec time and hence is always limited to children tasks.
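Review bot: The link target in "[revalidation](???)" in the first paragraph under the "(inheritance)" heading is still a placeholder, so the page will render a dead link on the one term a reader needs defined to understand which open file objects skip the check. Point it at the page that describes revalidation, or drop the link markup until that page exists. The fenced block labelled "move this" directly below it is an editing note that will render as a code block in the published page, and its sentence ("In effect it is defining a new custom extended profile ...") also appears verbatim in the following paragraph. Move the sentence to its intended place and remove the fence in this same change. The closing sentence would also read better as "child tasks" rather than "children tasks".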