author | kernelmethod <wss2ec@virginia.edu> | 2022-05-23 13:16:10 -0600 |
---|---|---|
committer | kernelmethod <wss2ec@virginia.edu> | 2022-05-23 13:16:10 -0600 |
commit | 9fdfc37fcc240cc329bd0c6383aa84d18daea61a (patch) | |
tree | b88e15b906c0e098f4f978a9b9e8a132c0d47f60 /docker | |
parent | 065ddfafd19bc802a7c7b6c5e2a601fb42b8150c (diff) | |
download | sudo-9fdfc37fcc240cc329bd0c6383aa84d18daea61a.tar.gz |
Add an APPARMOR_PROFILE user spec option to sudoers

sudoers now supports an APPARMOR_PROFILE option, which can be specified
as e.g.

    alice ALL=(ALL:ALL) APPARMOR_PROFILE=foo ALL

The line above says "user alice can run any command as any user/group,
under confinement by the AppArmor profile 'foo'." Profiles can be
specified in any way that complies with the rules of
aa_change_profile(2). For instance, the sudoers configuration

    alice ALL=(ALL:ALL) APPARMOR_PROFILE=unconfined ALL

allows alice to run any command unconfined (i.e., without an AppArmor
profile), while

    alice ALL=(ALL:ALL) APPARMOR_PROFILE=foo//&bar ALL

tells sudoers that alice can run any command under the stacked AppArmor
profiles 'foo' and 'bar'.

The intention of this option is to give sysadmins on Linux distros
supporting AppArmor better options for fine-grained access control.
Among other things, this option can enforce mandatory access control
(MAC) over the operations that a privileged user is able to perform to
ensure that they cannot privesc past the boundaries of a specified
profile. It can also be used to limit which users are able to get
unconfined system access, by enforcing a default AppArmor profile on all
users and then specifying 'APPARMOR_PROFILE=unconfined' for a privileged
subset of users.
Diffstat (limited to 'docker')
0 files changed, 0 insertions, 0 deletions
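
A sudoers audit for the rule shape shown in the commit message, as an added example that is not part of the sudo source tree: it reports which user specs are confined (and by which stacked profiles), which are explicitly `unconfined`, and which name no profile at all. It assumes one user spec per line and resolves no aliases, line continuations or includes; the sample text, the users bob, carol and dave, and the function name `audit` are constructed for illustration.

```python
import re

# Constructed sample; only "alice", "foo" and "bar" come from the commit message.
SAMPLE = """\
# constructed sudoers fragment
Defaults env_reset
alice ALL=(ALL:ALL) APPARMOR_PROFILE=foo ALL
bob   ALL=(ALL:ALL) APPARMOR_PROFILE=unconfined ALL
carol ALL=(ALL:ALL) APPARMOR_PROFILE=foo//&bar ALL
dave  ALL=(ALL:ALL) ALL
"""

# Assumption: one user spec per line, "user host=(runas) [options] command".
SPEC = re.compile(
    r"^(?P<user>\S+)\s+[^=\s]+\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?(?P<rest>.+)$")
PROFILE = re.compile(r"(?<!\S)APPARMOR_PROFILE=(\S+)")
ALIASES = {"User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias"}


def audit(sudoers_text):
    """Return one finding per user spec: who is confined by what, who is not."""
    findings = []
    for lineno, raw in enumerate(sudoers_text.splitlines(), 1):
        line = raw.strip()
        # Skip blanks, comments, include directives, Defaults and alias lines.
        if (not line or line[0] in "#@" or line.startswith("Defaults")
                or line.split()[0] in ALIASES):
            continue
        spec = SPEC.match(line)
        if spec is None:
            continue
        option = PROFILE.search(spec["rest"])
        if option is None:
            status, profiles = "no-profile", []   # rule names no profile
        elif option[1] == "unconfined":
            status, profiles = "unconfined", []   # explicit opt-out
        else:
            # "//&" separates stacked profile names, as in foo//&bar.
            status, profiles = "confined", option[1].split("//&")
        findings.append({"line": lineno, "user": spec["user"],
                         "runas": spec["runas"], "status": status,
                         "profiles": profiles})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f["line"], f["user"], f["status"], " + ".join(f["profiles"]))
```

Whether a `no-profile` rule ends up confined depends on the default profile the site enforces, so treat those rows as items to check against that default rather than as findings in themselves.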