I am aware of AppArmor and specifically how it can be used to limit a program’s access rights where the file-system permissions otherwise allow. What I’m less clear on is whether it’s possible for AppArmor or any similar security module to completely override a program’s access rights. Can they grant a program access to read/write/execute files that the user otherwise has no access to?
I’m asking for what the Linux Kernel will allow such a security module to do, not what existing security modules can be configured to do.
Can security modules completely override the Linux Kernel’s access model?
Author: Philip Couling