[apparmor] What's the 'd' flag?

Aaron Lewis the.warl0ck.1989 at gmail.com
Tue Jun 17 02:17:47 UTC 2014

Ah I get it, I didn't see the operation="unlink" part back then

Thanks John!

On Tue, Jun 17, 2014 at 8:31 AM, John Johansen
<john.johansen at canonical.com> wrote:
> On 06/16/2014 05:26 PM, Aaron Lewis wrote:
>> Hi,
>> Take a look at the following message
>> [  760.181424] type=1400 audit(xxxxxxx:113): apparmor="ALLOWED"
>> operation="unlink" parent=1 profile="/usr/sbin/php5-fpm"
>> name="/run/php5-fpm.sock" pid=1340 comm="php5-fpm" requested_mask="d"
>> denied_mask="d" fsuid=0 ouid=0
>> I tried to set the 'd' flag in the profile but it caused a syntax error
>> (Running Ubuntu 12.04 everything up-to-date)
> The kernel is tracking a wider permission set than the current userspace
> policy uses. The d flag is deleted, and the c flag is create, both of
> those currently map to the write permission in userspace policy.
> There are plans to enable specifying a finer permission set in userspace
> when needed but that work is not ready yet

Best Regards,
Aaron Lewis - PGP: 0x13714D33 - http://pgp.mit.edu/
Finger Print:   9F67 391B B770 8FF6 99DC  D92D 87F6 2602 1371 4D33

More information about the AppArmor mailing list