Commit 4023f080 authored by Emanuele Aina's avatar Emanuele Aina

security: Workaround broken listing/table references

Signed-off-by: Emanuele Aina's avatarEmanuele Aina <emanuele.aina@collabora.com>

Differential Revision: https://phabricator.apertis.org/D3965
parent b28f1b3b
......@@ -774,7 +774,7 @@ and flexibility that should be taken into consideration.
The recommendation on the selection of the framework is a combination of
the adoption of the framework by existing distributions, features,
maintainability, cost of deployment and experience of the developers
involved. Table Table contains a comparison of the adoption of the
involved. The table below contains a comparison of the adoption of the
existing security models. Only major distributions that ship and enable
the module by default are listed.
......@@ -1048,7 +1048,8 @@ AppArmor profiles and on how they will be installed and loaded.
#### A note about root
As has been demonstrated in listing Text, AppArmor can restrict even the
As has been demonstrated in listing *AppArmor restriction applying to file system links*,
AppArmor can restrict even the
powers of the root user. Most platforms do not try to limit that power
in any way, since if an attacker has breached the system to get root
privileges it's likely that all bets are already off. That said, it
......@@ -1071,7 +1072,8 @@ solution by locking down a shell, which represents the Apertis
application launcher, and granting specific privileges to a couple
applications so that they are able to access the files they require.
Listing Text shows the profiles for the shell, essentially denying it
Listing *Sample profiles for implementing white-listing*
shows a profile for the shell, essentially denying it
access to everything by not allowing access to any files. It gives the
shell permission to run both ls and cat. Note that flags *rix* are used
for this, meaning the shell can read the binaries (r), and execute them
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment