On Monday, 28 March 2016, 15:31:36 CEST, Malte Gell wrote:
> is there an AppArmor permission syntax that allows for adding a new
> file, but does not allow deleting or changing existing files?
More or less ;-)
The 'a' (append) permission is close to what you are looking for.
It allows creating a file and appending data to it. (Typical use case: log
Note that the application must call open() with the O_APPEND flag. If it
open()s the file without that flag, the append permission won't allow
writing to the file, even if the application actually only appends
something to the file.
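
The O_APPEND requirement described in the reply above, as an added example that is not part of the original message: a C helper that opens a log file with O_APPEND so that an 'a' rule covers it, and shows that the kernel then forces every write to the end of the file. The profile rule and the file paths in the comments are assumptions made for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

// Hypothetical profile rule this code is written for (path is an assumption):
//     /var/log/myapp/app.log a,

// Open (creating if needed) for appending only. O_APPEND must be part of the
// open() flags: a plain O_WRONLY open followed by a seek to the end is not
// covered by the 'a' permission, as the message above points out.
int open_append_only(const char *path)
{
    return open(path, O_WRONLY | O_APPEND | O_CREAT, 0640);
}

// Returns 1 if the descriptor carries O_APPEND, 0 if not, -1 on error.
int fd_is_append(int fd)
{
    int flags = fcntl(fd, F_GETFL);
    if (flags < 0) return -1;
    return (flags & O_APPEND) ? 1 : 0;
}

// Append one record; returns the file size afterwards, or -1 on error.
// The lseek() to offset 0 shows that with O_APPEND the kernel still places
// the data at end of file, so existing content is not overwritten.
long append_record(const char *path, const char *line)
{
    int fd = open_append_only(path);
    if (fd < 0) return -1;
    if (fd_is_append(fd) != 1 || lseek(fd, 0, SEEK_SET) < 0) { close(fd); return -1; }
    size_t len = strlen(line);
    ssize_t n = write(fd, line, len);
    off_t end = lseek(fd, 0, SEEK_END);
    close(fd);
    return (n == (ssize_t)len) ? (long)end : -1;
}

int main(void)
{
    const char *path = "/tmp/apparmor-append-demo.log"; // constructed sample path
    unlink(path);
    printf("size after 1st record: %ld\n", append_record(path, "first\n"));
    printf("size after 2nd record: %ld\n", append_record(path, "second\n"));
    return 0;
}
```

Running `fd_is_append()` on a descriptor obtained elsewhere in an application is a quick way to find open() calls that would be refused under an append-only rule.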