Some issues in the management of Linux capabilities by AppArmor
AppArmor is one of the most known LSM modules that allows the application of MAC access control rules. This tool is known to be easy to use when it is compared to SELinux. As a part of my research work, I wanted to know how AppArmor manages Linux capabilities (administrative privileges for Linux). So I have decided to build a shell script that requires administrative privileges and see how AppArmor can restrict this shell script. This work has allowed me to identify some important issues. My script includes two different commands that require two Linux capabilities: chown permits to change the owner of the file. This command requires the Linux capability cap_chown. nc -l 80 permits to create a process that listens to the port 80. This command requires the Linux capability cap_net_bind_service. Here is my shell script: #!/bin/bash if chown test file1.txt ; then echo "owner changed" else echo "fai...