[apparmor] Support binary that might be in different locations?
John Johansen
john.johansen at canonical.com
Tue Jun 17 00:28:47 UTC 2014
On 06/16/2014 05:20 PM, Aaron Lewis wrote:
> Hi,
>
> I have a profile that works on /usr/sbin/nginx, is it possible to make
> it work for /usr/bin/nginx as well?
> (without a new profile, not even the {} part)
>
> I'm not sure if this is supported.
>
It is. You can specfiy a globbing pattern based name, or you can specify
the profile name separate from the attachment specification (pattern
match).
/usr/{s,}bin/nginx {
}
but that is kind of ugly, so you can do
profile /usr/sbin/nginx /usr/{s,}bin/nginx {
}
or perhaps even better when you use the profile keyword the profile name
does not have to be a path.
profile nginx /usr/{s,}bin/nginx {
}
More information about the AppArmor
mailing list