[apparmor] Support binary that might be in different locations?
Aaron Lewis
the.warl0ck.1989 at gmail.com
Tue Jun 17 02:17:14 UTC 2014
Thanks John.
What does the second keyword ("nginx" here) in "profile nginx
/usr/{s,}bin/nginx" mean?
Is it just the profile name, which acts like an ID of the profile perhaps?
On Tue, Jun 17, 2014 at 8:28 AM, John Johansen
<john.johansen at canonical.com> wrote:
> On 06/16/2014 05:20 PM, Aaron Lewis wrote:
>> Hi,
>>
>> I have a profile that works on /usr/sbin/nginx, is it possible to make
>> it work for /usr/bin/nginx as well?
>> (without a new profile, not even the {} part)
>>
>> I'm not sure if this is supported.
>>
>
> It is. You can specfiy a globbing pattern based name, or you can specify
> the profile name separate from the attachment specification (pattern
> match).
>
> /usr/{s,}bin/nginx {
>
> }
>
> but that is kind of ugly, so you can do
>
> profile /usr/sbin/nginx /usr/{s,}bin/nginx {
>
> }
>
> or perhaps even better when you use the profile keyword the profile name
> does not have to be a path.
>
> profile nginx /usr/{s,}bin/nginx {
>
> }
>
--
Best Regards,
Aaron Lewis - PGP: 0x13714D33 - http://pgp.mit.edu/
Finger Print: 9F67 391B B770 8FF6 99DC D92D 87F6 2602 1371 4D33
More information about the AppArmor
mailing list