Out of curiosity, why?

Being very new to AppArmor I would guess the following two things are
required:

First, AppArmor configs must be able to say "All this and deny all
others" which may be possible but I don't know. Also a variable with
the current process' PID must be allowed inside these scripts. I found
a document by Google-ing for 'apparmor configure variable' (w/out
quotes) that shows the ability to use @{USER} to get the username so I
assume you can also use @{PPID} to get the current process' PID.

As far as the configuration to allow-this-and-no-others, I'm not sure.
AppArmor lets you run it in learning mode so that may help with the
rest. Please post back your results.

Good luck.

apparmor@wrfranklin.org wrote:
> Can I allow a process to read about itself in /proc, while not allowing it
> to read any other procedure's data? Thanks.
>
> That is, giving process 1234 this:
>
> /proc/1234/** r,
>
>
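
A way to check the outcome asked about in this thread, as an added example that is not part of the original messages: run the probe below as the confined program under the profile being tested, and it reports whether the process can read its own /proc entry and which other PIDs' entries it can still read. The function name `probe_proc`, the choice of the `status` file as the probe target, and the fallback to PID 1 when /proc cannot be listed are assumptions of this sketch.

```python
import errno
import os


def probe_proc(proc_root="/proc", own_pid=None, leaf="status"):
    """Try to read <proc_root>/<pid>/<leaf> for each numeric entry.

    Returns (own_readable, readable_other_pids, denied_other_pids).
    """
    own_pid = os.getpid() if own_pid is None else own_pid
    try:
        names = [n for n in os.listdir(proc_root) if n.isdigit()]
    except PermissionError:
        # Profile may forbid listing /proc itself: probe self and PID 1 only.
        names = sorted({str(own_pid), "1"})
    own_ok, readable, denied = False, [], []
    for name in names:
        try:
            with open(os.path.join(proc_root, name, leaf), "rb") as fh:
                fh.read(1)
            ok = True
        except OSError as exc:
            if exc.errno in (errno.ENOENT, errno.ESRCH):
                continue  # process exited between listing and open
            ok = False  # refused (file permissions, LSM policy, ...)
        if int(name) == own_pid:
            own_ok = ok
        elif ok:
            readable.append(int(name))
        else:
            denied.append(int(name))
    return own_ok, sorted(readable), sorted(denied)


if __name__ == "__main__":
    own_ok, readable, denied = probe_proc()
    print(f"own /proc entry readable: {own_ok}")
    print(f"other PIDs readable: {len(readable)}  denied: {len(denied)}")
    # Goal from the question above: own entry readable, no others.
    raise SystemExit(0 if own_ok and not readable else 1)
```

The exit status is 0 only when the process can read its own entry and no other PID's entry, so the script can serve as a pass/fail check while iterating on a profile.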