[apparmor] Allow defaults except for reading a directory
Ahmet Emre Aladağ
aladagemre at gmail.com
Sun Aug 26 15:52:05 UTC 2012
Hi,
1) Is it possible to allow default access for a program but deny only a
single directory like /home/user/Documents?
2) I'd like to restrict PyCharm which is a java program runned by
pycharm.sh file with content:
...
MAIN_CLASS_NAME="com.intellij.idea.Main"
eval $JDK/bin/java $ALL_JVM_ARGS -Djb.restart.code=88 $MAIN_CLASS_NAME $*
When it's run, ps x gives the following result:
20971 pts/3 Sl+ 0:27 /usr/lib/jdk.1.7.0_06/bin/java -Xms128m
-Xmx800m -XX:MaxPermSize=350m -XX:ReservedCodeCacheSize=64m -ea
-Djb.vmOptionsFile=./pycharm64.vmoptions -Xb
Can I restrict speficially this process but not the whole java?
Thanks,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20120826/32da2b50/attachment.html>
More information about the AppArmor
mailing list