[apparmor] create permission
john.johansen at canonical.com
Thu Dec 16 00:24:27 GMT 2010
So apparmor has had a create permission for a while now, but it has not been directly
expressible in policy. I would like to fix this however the letter c which is a natural
fit for create (and is what is used by the kernel when reporting it) is used as an x
modifier for children profiles (cx, Cx).
So to expose the create permission we have a few possible choices.
1. choose a different letter
2. use c and either require it is either
2.1 not used immediately to the left of x if it is to mean cx.
ie. xc == create and execute
cx == child profile transition
2.2 not used in a rule that has an x transition
3. exposed through long for permissions, ie. using the create keyword
/foo create px,
More information about the AppArmor