[apparmor] Allow defaults except for reading a directory

Kees Cook kees at ubuntu.com
Sun Aug 26 17:43:09 UTC 2012


On Sun, Aug 26, 2012 at 12:01:41PM -0500, Ian Nicholson wrote:
> On 08/26/2012 11:58 AM, Ahmet Emre Aladağ wrote:
> > Now I found the problem.
> >
> > When I use
> > sh pycharm.sh, it doesn't work
> >
> > When I use
> > ./pycharm.sh, it works! Access denied.
> >
> > Thank you very very much, it was very kind of you.
> >
> I ran into this myself yesterday, except with a python file. I assume
> it's because running "python filename.py" causes apparmor to apply the
> profile for the python interpreter, whereas running "./filename.py" will
> cause apparmor to use the profile that I've created for the actual
> script. Can anyone tell me if that's right?

That's correct. It's a matter of what the kernel thinks is executing. The
first is running the interpreter with an argument (the script) and the
latter is running the script, which has a given interpreter.

-Kees

-- 
Kees Cook                                            @outflux.net
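
The distinction confirmed in the reply above, as an added example that is not part of the original thread: the pathname AppArmor sees is the file named by argv[0], never a script passed as an argument. The function names and the scratch copy of pycharm.sh are hypothetical and constructed for illustration; it assumes a Linux system with `readlink -f`.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not AppArmor tooling.

# exec_path CMD [ARGS...]: canonical path of the file passed to execve().
# Only argv[0] decides it; a script named in ARGS is data the interpreter reads.
exec_path() {
    case "$1" in
        */*) target=$1 ;;                          # has a slash: no PATH search
        *)   target=$(command -v "$1") || return 1
             case "$target" in /*) ;; *) return 1 ;; esac ;;  # builtin or alias
    esac
    readlink -f "$target"                          # follow symlinks (sh -> dash)
}

# shebang_interp FILE: interpreter named on a "#!" first line, else fail.
shebang_interp() {
    first=
    IFS= read -r first < "$1" || [ -n "$first" ] || return 1
    case "$first" in '#!'*) ;; *) return 1 ;; esac
    rest=${first#'#!'}
    rest=${rest#"${rest%%[! ]*}"}                  # trim blanks after "#!"
    printf '%s\n' "${rest%% *}"
}

# describe CMD [ARGS...]: what the kernel executes for this command line.
describe() {
    path=$(exec_path "$@") || return 1
    if interp=$(shebang_interp "$path"); then
        printf 'exec=%s interpreter=%s\n' "$path" "$interp"
    else
        printf 'exec=%s\n' "$path"
    fi
}

# Constructed stand-in for pycharm.sh in a scratch directory.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho started\n' > "$tmp/pycharm.sh"
    chmod +x "$tmp/pycharm.sh"
    describe sh "$tmp/pycharm.sh"     # exec is the shell binary
    describe "$tmp/pycharm.sh"        # exec is the script itself
    rm -rf "$tmp"
}
demo
```

A profile written for the script's path can only match the second form; the first form is matched against the shell binary's path.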


