On Mon, Mar 19, 2018 at 10:10:02AM -0400, Marvin Renich wrote: > Is there a way that an app (e.g. smbd) whose file access requirements > change dynamically through admin and user configuration can at least > inspect its own apparmor profile and give the user a clue that the admin > must update the profile? Our friends at SUSE have a script that automatically generates portions of an AppArmor profile for Samba based on the Samba configuration: https://bugzilla.novell.com/show_bug.cgi?id=688040 I'm not entirely sold on the idea, as a hand-authored security policy can serve as belt-and-suspenders against misconfiguration or a broken management system that allows unauthenticated users to create too-wide shares. The usability gain is undeniable. Thanks
Attachment:
signature.asc
Description: PGP signature