[apparmor] Syntax error for folder creating?
Jamie Strandboge
jamie at canonical.com
Tue Jan 8 14:44:38 UTC 2013
On 01/08/2013 08:34 AM, Aaron Lewis wrote:
> Hi Jamie,
>
> On 08:27 Tue 08 Jan , Jamie Strandboge wrote:
>> On 01/08/2013 08:09 AM, Aaron Lewis wrote:
>>> Hi,
>>>
>>> I don't know why, while creating profile for chromium,
>>>
>>> /usr/lib/chromium/extensions/ c,
>>>
>>> aa-parser just complains
>>>
>> 'c'reate is currently not supported by the userspace tools, even though
>> the kernel recognizes it as different. Use 'w' which implies 'c' instead.
>
> Thanks, I substituted it, but that DENIED message doesn't appear again
> for this moment, so I can't test it at this moment ;-P
>
> /usr/lib/chromium/extensions/ doesn't exist, would it work as well?
>
> Hopefully I don't have to enable write permission for
> /usr/lib/chromium/{**,}
>
> Wha ya think?
>
Sometimes an application will ask for write permissions to something
like this even though it doesn't need it to run. An explicit deny rule
will suppress the log message:
deny /usr/lib/chromium/extensions/ w,
Another option is something like this:
/usr/lib/chromium/ r,
/usr/lib/chromium/** r,
deny /usr/lib/chromium/** w,
--
Jamie Strandboge http://www.ubuntu.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 899 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130108/8237da82/attachment.pgp>
More information about the AppArmor
mailing list