[apparmor] Understanding child profiles and file_inherit
Vincas Dargis
vindrg at gmail.com
Sun Nov 12 14:31:14 UTC 2017
On 2017.11.12 16:16, intrigeri wrote:
> Sorry, I have no good solution to propose. Either you need to
> explicitly deny each inherited file. Or you can deny everything ("deny
> /**") and then add exceptions for what locale really needs to access,
Doesn't deny overrides everything what is allowed? Not sure if that "exceptions" could work when `deny` is already in place.
Anyway, I guess I can simply explicitly deny file_inherit cases, and any new occurrences could be treated as
low-priority-almost-wonfix :) .
More information about the AppArmor
mailing list