apparmor syntax adding a file

apparmor syntax adding a file

Malte Gell-3
Hi,

is there an AppArmor permission syntax that allows for adding a new
file, but does not allow to delete or change existing files?

Thanx
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]


Re: apparmor syntax adding a file

Christian Boltz-7
Hello,

On Monday, 28 March 2016, 15:31:36 CEST, Malte Gell wrote:
> is there an AppArmor permission syntax that allows for adding a new
> file, but does not allow to delete or change existing files?

More or less ;-)

The 'a' (append) permission is close to what you are looking for.
It allows creating a file and appending data to it. (Typical use case: log
files.)

Note that the application must call open() with the O_APPEND flag. If it
open()s the file without that flag, the append permission won't allow
writing to the file, even if the application actually only appends
something to the file.


Regards,

Christian Boltz
--
We break the translation consistently (wow, consistent break, I like
that wording) [from https://bugzilla.novell.com/show_bug.cgi?id=165509]
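
Added example, not part of the original thread: a C sketch of the open() call the reply describes, written for an append-only ('a') rule. The profile rule in the comment, the file paths and the function names are all hypothetical.

```c
/* Added example, not from the thread. Hypothetical profile rule it targets:
 *     /var/log/myapp/app.log a,
 */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Open (creating if needed) for append only. O_APPEND has to be in the open()
 * flags: per the reply above, 'a' does not cover a plain O_WRONLY open. */
int open_append_only(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_APPEND, 0640);
}

/* 1 if fd is in append mode, 0 if not, -1 on error. */
int fd_is_append(int fd)
{
    int fl = fcntl(fd, F_GETFL);
    return fl < 0 ? -1 : (fl & O_APPEND) != 0;
}

/* Write one record; 0 on success, -1 on error or short write. */
int append_record(int fd, const char *line)
{
    size_t len = strlen(line);
    return write(fd, line, len) == (ssize_t)len ? 0 : -1;
}

/* Two appends with a seek to offset 0 in between. With O_APPEND the kernel
 * places every write at end-of-file, so the first record is not overwritten.
 * Returns the final file size, or -1 on error. */
long demo_append(const char *path)
{
    long size = -1;
    int fd = open_append_only(path);
    if (fd < 0)
        return -1;
    if (append_record(fd, "first\n") == 0 && lseek(fd, 0, SEEK_SET) == 0 &&
        append_record(fd, "second\n") == 0)
        size = (long)lseek(fd, 0, SEEK_END);
    close(fd);
    return size;
}

int main(void)
{
    printf("size after two appends: %ld\n", demo_append("/tmp/aa_append_demo.log"));
    return 0;
}
```

fd_is_append() can be pointed at descriptors opened by library code to confirm they carry O_APPEND before the profile is put into enforce mode.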
