by pwman 3178 days ago
That's not how AppArmor works provided you lock down your server software properly -- say the server running is NTP -- that NTP server is:

only able to read /etc/ntp/* and /usr/sbin/ntpd
only able to write /var/log/ntp*
only able to execute /usr/sbin/ntpd

Now you've radically limited what an exploit of this particular server can mean.
1 comments

Not a good example; chmod, chown and chroot accomplish pretty much the same thing.
How? AFAIK, the only way to do it is to create a different user for each app, like Android, which seems absurd to me.
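
The confinement described in pwman's comment, written out as an AppArmor profile. This is an added example, not part of the thread: the three path rules come from the comment, while the base abstraction, the capabilities and the network rules are assumptions about what ntpd additionally needs in order to run.

```apparmor
# Constructed profile for illustration; the file name
# /etc/apparmor.d/usr.sbin.ntpd is an assumption.
#include <tunables/global>

# The profile attaches to the binary by path. No dedicated user account
# is involved, and the rules apply even when ntpd runs as root.
/usr/sbin/ntpd {
  # Assumption: shared libraries, locale data, /dev/null and similar.
  #include <abstractions/base>

  # From the comment: config is read-only.
  /etc/ntp/*      r,

  # From the comment: logs are write-only.
  /var/log/ntp*   w,

  # From the comment: the only thing ntpd may read and execute is itself.
  # m = map as executable, r = read, ix = execute under this same profile.
  /usr/sbin/ntpd  mrix,

  # Assumption: ntpd sets the system clock and binds UDP port 123.
  capability sys_time,
  capability net_bind_service,
  network inet dgram,
  network inet6 dgram,

  # Nothing here grants /bin/sh, /home/** or /etc/shadow. AppArmor
  # refuses every access that no rule allows, so code running inside a
  # compromised ntpd is held to the list above.
}
```

Load it in enforce mode with `apparmor_parser -r` on the profile file; denied accesses then appear in the kernel audit log as `apparmor="DENIED"` entries naming the profile.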