mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
Update AppArmorTrustedHelpers
John Johansen
parent
6ec5523d8b
commit
4467b6b4e8
1 changed files with 10 additions and 1 deletions
|
|
@ -22,12 +22,19 @@ External Policy Blob
|
|||
|
||||
Trusted helpers need to deal with dynamic policy
|
||||
|
||||
## Dynamic includes
|
||||
Handling policy external to apparmor means having to handle dynamic policy computations
|
||||
|
||||
## Dynamic Includes
|
||||
dynamic includes can be used to extend a profile without having to replace an entire profile.
|
||||
They allow for a Trusted helper a controlled way to provide partial policy for a profile without needing the authority to replace/update a profile.
|
||||
|
||||
## Stacking
|
||||
|
||||
Used by Launchers and containers
|
||||
|
||||
## Delegation
|
||||
|
||||
|
||||
### Object (FD) Delegation
|
||||
|
||||
### Rule Delegation
|
||||
|
|
@ -47,6 +54,8 @@ Pulling policy from the kernel for independent policy
|
|||
|
||||
policy notifications
|
||||
|
||||
# Namespace scopes and views
|
||||
can be used to control access
|
||||
|
||||
# Example Trusted helpers
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue