abstractions: Do not allow ld.so.preload by default in abstractions/base (!339) · Merge requests · AppArmor / apparmor

John Johansen requested to merge jjohansen/apparmor:remove-ld.so.preload into master Feb 18, 2019

This entry has security implications and it should NOT have ever been allowed by default in abstractions/base. This reverts commit 36244d48 ("add ld.so.preload to <abstractions/base>")

Note: while most systems are currently setup this way, access to /etc/ld.so.preload does not mean a user is actually capable of policy admin.

Nominated for every release this rule made its way into

Signed-off-by: John Johansen john.johansen@canonical.com

abstractions: Do not allow ld.so.preload by default in abstractions/base

Merge request reports