Google's Kernel Runtime Security Instrumentation (KRSI)


A Google stackable LSM module that modifies apparmor and other measures, in realtime in response to deleted files, suspicious memory access and other shady shit.

@Madaidan How ready is this? How useful is it in our current hardening regime?

1 Like

I don’t see why we’d need to modify apparmor at runtime. We won’t be able to use it anyway as allowing userspace to modify the policy is extremely dangerous so we deny the CAP_MAC_ADMIN capability https://github.com/Whonix/apparmor-profile-everything/blob/master/etc/apparmor.d/abstractions/dangerous-files#L56

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Contributors] [Investors] [Priority Support] [Professional Support]