[apparmor] [profile] transmission-gtk, the encrypted data and requested/denied 'rwc'.

daniel curtis sidetripping at gmail.com
Wed Jan 20 08:32:26 UTC 2016


Hello Seth.

>> Correct, the 'c' means 'create' (...) The user-friendly tools convert
>> the 'c' to 'w' permission.

Okay, thank you for the explanation. So, the rule I mentioned should be
enough? (I mean: 'owner $HOME/.cache/dconf/user  rw,') If 'c' means
'create', then 'rw' access should be sufficient.

>> Unfortunately I don't think we have any alternatives to this.
>> 'owner' is probably a good idea (...) You may also need 'k'
>> permission at some point (...)

So, according to everything you've written, I will use something like this (I
mean in a transmission-gtk profile):

------  /home/.ecryptfs/user/.Private    rw,
+++ owner /home/.ecryptfs/user/.Private    rwk,

And as for '/proc/sys/kernel/random/uuid' access, I will leave it
as-is since it is just "a simple wrapper around the kernel's randomness
functions with the correct uuid output format", right? If there aren't any
security implications...

For now, that seems to be all I wanted to know. Thank you very much for
the answer, Seth.

Best regards.
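
An added example, not part of the original message and not code from the AppArmor tools: it turns DENIED audit events into profile rule lines, mapping the log-only 'c' mask letter to 'w' as described in the thread. The log lines, the profile name, pids and the /home/user path are constructed; mapping 'd' to 'w' and choosing 'owner' only when fsuid equals ouid are assumptions of this sketch.

```python
import re

# Audit-log mask letters with no profile-rule spelling of their own.
# 'c' (create) becomes 'w', as stated in the thread; handling 'd' (delete)
# the same way is an assumption of this example.
LOG_TO_RULE = {"c": "w", "d": "w"}
RULE_ORDER = "rwaklmx"  # order in which permission letters are emitted
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Constructed sample events (paths, pids and timestamps are made up).
_HDR = 'audit: type=1400 audit(1453278746.100:{}): apparmor="DENIED" operation="{}" '
_PROF = 'profile="/usr/bin/transmission-gtk" name="{}" pid=2101 comm="transmission-gt" '
_MASK = 'requested_mask="{m}" denied_mask="{m}" fsuid=1000 ouid={o}'

def _event(seq, op, name, mask, ouid):
    return _HDR.format(seq, op) + _PROF.format(name) + _MASK.format(m=mask, o=ouid)

SAMPLE = [
    _event(51, "open", "/home/user/.cache/dconf/user", "rwc", 1000),
    _event(52, "open", "/home/.ecryptfs/user/.Private", "rw", 1000),
    _event(53, "file_lock", "/home/.ecryptfs/user/.Private", "k", 1000),
    _event(54, "open", "/proc/sys/kernel/random/uuid", "r", 0),
]

def parse_event(line):
    """Return the key=value fields of one audit line as a dict of strings."""
    return {k: (q or b) for k, q, b in FIELD.findall(line)}

def rule_perms(mask):
    """Translate a logged mask such as 'rwc' into rule permissions ('rw')."""
    perms = {LOG_TO_RULE.get(ch, ch) for ch in mask}
    return "".join(p for p in RULE_ORDER if p in perms)

def suggest_rules(lines):
    """Merge DENIED events per path and return one rule line per path."""
    merged = {}
    for line in lines:
        ev = parse_event(line)
        if ev.get("apparmor") != "DENIED" or "name" not in ev:
            continue
        entry = merged.setdefault(ev["name"], {"mask": "", "owner": True})
        entry["mask"] += ev.get("denied_mask", "")
        # 'owner' is only safe if every event was on a file the caller owns.
        entry["owner"] &= "fsuid" in ev and ev["fsuid"] == ev.get("ouid")
    return [f"{'owner ' if e['owner'] else ''}{path} {rule_perms(e['mask'])},"
            for path, e in sorted(merged.items())]

if __name__ == "__main__":
    print("\n".join(suggest_rules(SAMPLE)))
```
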