[apparmor] Default deny access to the directory

Cameron Norman camerontnorman at gmail.com
Fri Jan 16 03:17:08 UTC 2015


On Thu, Jan 15, 2015 at 10:23 AM, Dmitry Kasatkin
<dmitry.kasatkin at gmail.com> wrote:
> Hi,
>
> I am running stock Ubuntu 14.10 and there I would like to create a policy
> which allows program '/sbin/appd' to access directory '/etc/appd/', but
> forbids it for any other program, whether it has a profile or not.
>
> Is there any way to specify a "default" policy which denies access to
> /etc/food?

If `appd` is running as its own special user (e.g. _appd) or as root,
you can just use chmod to remove all permissions for everyone from the
directory in question, then give appd's user/group ownership of the
directory:

    chown _appd:_appd /etc/appd
    chmod 750 /etc/appd

then only root and appd can access that directory.

Hopefully that helps.
--
Cameron Norman
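A small audit check, added here and not part of the thread, that confirms a directory is restricted the way the reply describes (owned by the service account, no permission bits for "other"), so the lockdown can be verified after the fact or re-checked for drift. It assumes GNU stat on Linux; the owner and group names are passed in, so `_appd` stays a placeholder for whatever account the service really runs as.

```shell
#!/bin/sh
# Added example (not from the thread): verify a directory lockdown.
# Usage: check_dir_lockdown DIR EXPECTED_OWNER EXPECTED_GROUP
# Returns 0 when the directory matches, 1 otherwise, printing each problem.
check_dir_lockdown() {
    dir=$1; want_owner=$2; want_group=$3
    [ -d "$dir" ] || { echo "$dir: not a directory"; return 1; }
    # %U owner name, %G group name, %a octal mode (e.g. 750 or 2750)
    info=$(stat -c '%U %G %a' "$dir") || return 1
    set -- $info
    owner=$1; group=$2; mode=$3
    rc=0
    [ "$owner" = "$want_owner" ] || {
        echo "$dir: owner is $owner, expected $want_owner"; rc=1; }
    [ "$group" = "$want_group" ] || {
        echo "$dir: group is $group, expected $want_group"; rc=1; }
    # The last octal digit is the "other" class; it must be 0 so that
    # accounts outside the owner/group get no access at all.
    other=${mode#"${mode%?}"}
    [ "$other" = "0" ] || {
        echo "$dir: mode $mode still grants access to others"; rc=1; }
    return $rc
}
```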