[apparmor] What's the 'd' flag?
Aaron Lewis
the.warl0ck.1989 at gmail.com
Tue Jun 17 02:17:47 UTC 2014
Ah I get it, I didn't see the operation="unlink" part back then
Thanks John!
On Tue, Jun 17, 2014 at 8:31 AM, John Johansen
<john.johansen at canonical.com> wrote:
> On 06/16/2014 05:26 PM, Aaron Lewis wrote:
>> Hi,
>>
>> Take a look at the following message
>>
>> [ 760.181424] type=1400 audit(xxxxxxx:113): apparmor="ALLOWED"
>> operation="unlink" parent=1 profile="/usr/sbin/php5-fpm"
>> name="/run/php5-fpm.sock" pid=1340 comm="php5-fpm" requested_mask="d"
>> denied_mask="d" fsuid=0 ouid=0
>>
>> I tried to set the 'd' flag in the profile but it caused a syntax error
>> (Running Ubuntu 12.04 everything up-to-date)
>>
>
> The kernel is tracking a wider permission set than the current userspace
> policy uses. The d flag is deleted, and the c flag is create, both of
> those currently map to the write permission in userspace policy.
>
> There are plans to enable specifying a finer permission set in userspace
> when needed but that work is not ready yet.
>
--
Best Regards,
Aaron Lewis - PGP: 0x13714D33 - http://pgp.mit.edu/
Finger Print: 9F67 391B B770 8FF6 99DC D92D 87F6 2602 1371 4D33
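
Added example (not part of the original thread and not AppArmor's own tooling): a Python helper that parses the audit record quoted above and translates the kernel's mask into a letter the userspace profile syntax accepts, using the d/c to w mapping from John's reply. The function names and the pass-through of the other letters are assumptions of this example.

```python
import re

# Kernel mask letter -> letter accepted in a userspace file rule.
# d (delete) and c (create) folding into w is taken from John's reply;
# passing r/w/a/m/k/l through unchanged is an assumption of this example.
KERNEL_TO_POLICY = {"d": "w", "c": "w", "r": "r", "w": "w",
                    "a": "a", "m": "m", "k": "k", "l": "l"}

FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# The audit record quoted in the thread, joined onto one line.
SAMPLE = ('[ 760.181424] type=1400 audit(xxxxxxx:113): apparmor="ALLOWED" '
          'operation="unlink" parent=1 profile="/usr/sbin/php5-fpm" '
          'name="/run/php5-fpm.sock" pid=1340 comm="php5-fpm" '
          'requested_mask="d" denied_mask="d" fsuid=0 ouid=0')


def parse_audit(line):
    """Split one AppArmor audit record into a dict of its key=value fields."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD_RE.finditer(line)}


def policy_perms(kernel_mask):
    """Translate a kernel mask such as "d" or "wc" into profile letters."""
    out = []
    for ch in kernel_mask:
        if ch not in KERNEL_TO_POLICY:
            # e.g. x: an exec rule needs a transition mode chosen by a human
            raise ValueError("no direct policy letter for %r" % ch)
        if KERNEL_TO_POLICY[ch] not in out:
            out.append(KERNEL_TO_POLICY[ch])
    if "w" in out and "a" in out:
        out.remove("a")  # the parser rejects a rule carrying both w and a
    return "".join(out)


def suggest_rule(line):
    """Return (profile, file rule) for a record, or None if not a file event."""
    f = parse_audit(line)
    if not {"apparmor", "profile", "name", "denied_mask"} <= f.keys():
        return None
    return f["profile"], "%s %s," % (f["name"], policy_perms(f["denied_mask"]))


if __name__ == "__main__":
    print(suggest_rule(SAMPLE))
```

The suggested rule is the narrowest one the userspace syntax of that time can express; because w also covers create and ordinary writes, review the path before adding it to the profile.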