You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I started to work on an apparmor profile for the daemons included in the FRR suite. The apparmor upstream made a couple of suggestions while reviewing those profiles. The path used to store crash logs could possibly be a source of troubles, considering that frr is hardcoded and the pid guessable (and in worst case, the number of possible pids is not that big). They recommended to use a mktemp-generated name or move to a directory that is not world-writable.
I would also very much appreciate if someone could take a look to the apparmor profiles and/or test them trying to identify any potentially missing directory.
Thanks,
Jorge
The text was updated successfully, but these errors were encountered:
Hi folks,
I started to work on an apparmor profile for the daemons included in the FRR suite. The apparmor upstream made a couple of suggestions while reviewing those profiles. The path used to store crash logs could possibly be a source of troubles, considering that
frris hardcoded and the pid guessable (and in worst case, the number of possible pids is not that big). They recommended to use a mktemp-generated name or move to a directory that is not world-writable.I would also very much appreciate if someone could take a look to the apparmor profiles and/or test them trying to identify any potentially missing directory.
Thanks,
Jorge
The text was updated successfully, but these errors were encountered: