mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update AppArmorTrustedHelpers

John Johansen 2018-06-19 07:37:52 +00:00
parent 0ac04dab52
commit 2e10204bee
1 changed files with 15 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
AppArmorTrustedHelpers.md

@ -64,14 +64,25 @@ Trusted helpers need to deal with dynamic policy
Handling policy external to apparmor means having to handle dynamic policy computations
## Policy reloads
If a trusted helper has sufficient permissions it can use policy replacement to dynamically update policy rules.
The trusted helper will need to add/delete rules from the appropriate profile files and then compile and reload them.
Changes can be isolated in include files.
This provides a way to make the delegation permanent.
This is the only way supported on older versions of apparmor.
## Stacking
Used by Launchers and containers [stacking](Apparmorstacking)
## Dynamic Includes
dynamic includes can be used to extend a profile without having to replace an entire profile.
They allow for a Trusted helper a controlled way to provide partial policy for a profile without needing the authority to replace/update a profile.
## Stacking
Used by Launchers and containers [stacking](Apparmorstacking)
## Delegation
[delegation](Apparmordelegation)