[apparmor] deny and selectively allow in AppArmor?
John Johansen
john.johansen at canonical.com
Sat Aug 8 09:37:54 UTC 2020
On 8/8/20 2:14 AM, Mikhail Morfikov wrote:
> On 07/08/2020 22.12, Christian Boltz wrote:
>>
>> They get added up - so in your example, you'll get rw.
>>
>> As another example,
>>
>> /foo rwl,
>> /foo wk,
>>
>> will effectively give you /foo rwlk,
>>
>
> I have a question -- what would be in this case?
>
> owner /foo rwl,
> /foo wk,
>
>
>
>
/foo wk, is essentially split into 2 rules
owner /foo wk,
not owner /foo wk,
we combine these with owner /foo rwl, to get
owner /foo rwlk,
not owner /foo wk,
please note that "not owner" is not valid syntax but servers for the explanation.
More information about the AppArmor
mailing list