[apparmor] Learning apparmor
Diane Trout
diane at ghic.org
Tue Dec 18 17:31:46 UTC 2012
Thank you for the quite detailed response to my first questions.
Can you have overlapping rules in one file?
e.g.
profile spectrum-common /usr/bin/{spectrum2_manager,spectrum2} {
    # access config file
    /etc/spectrum2/** r,
}
# manager should be able to launch children
/usr/bin/spectrum2_manager {
    /usr/bin/spectrum2 rm,
}
# daemon should access net
/usr/bin/spectrum2 {
    #include <abstractions/nameservice>
}
If given that, would the spectrum-common rules apply to both?
I'm also assuming that if there's a way to use it, ix is also a good choice. (Especially if I want to wrap my pbuilder jobs).
Is there a more detailed explanation of the difference between P and C modes?
The man page implies both require that there is a profile defined for the subprocess. One requires a profile, one requires a "local" profile.
Diane