Explore the extension of AppArmor to support unprivileged access control in this 48-minute conference talk by John Johansen and Georgia Garcia from Canonical. Delve into the challenges, pitfalls, and necessary changes for providing a flexible native API and emulating OpenBSD's pledge and unveil APIs. Learn how this development allows applications to use AppArmor as a backend for performing unprivileged access control, enabling privilege separation and sandboxing without relying on separate technologies. Understand the implications for mandatory access control and application security, and discover how this approach can support applications already modified for OpenBSD's APIs.
Overview
Syllabus
Unprivileged Access Control in AppArmor - John Johansen & Georgia Garcia, Canonical
Taught by
Linux Foundation
