[apparmor] permissions on profiles in /etc/apparmor.d
Berkeley Roshan Churchill
berkeleychurchill at gmail.com
Fri Aug 22 22:00:01 UTC 2014
Hi folks,
I'm having trouble correctly setting permissions on profiles in the
/etc/apparmor.d folder.
On my systems, some of these files have permissions 0600 and other
have 0644. My instinct is that 0600 is preferable, since I see no
reason for non-root users to access them. However, every time I run my
configuration management system, and it changes a file from 0644 to
0600, and then runs aa-enforce, it causes the file to revert back to
0644. Any idea what's going on here? Is there a best practice in this
regard that I should follow?
Best wishes,
Berkeley
More information about the AppArmor
mailing list