[Apparmor-dev] AppArmor 2.1 feature doc
jesse michael
jmichael at suse.de
Fri Aug 17 15:12:32 MDT 2007
On Fri, Aug 17, 2007 at 02:07:52PM -0600, Dominic Reynolds wrote:
> http://en.opensuse.org/AppArmor/Changes_AppArmor_2_1
Mediation of appending writes has been added. This feature introduces a
new permission character "a" to indicate this operation is allowed. The
"a" permission is mutually exclusive to the "w" permission, i.e. a
given rule may include "w" or "a" but not both.
We should probably expand this to clarify that the "a" permission is a
subset of the "w" permission and that granting "w" permission implicitly
allows O_APPEND writes, but granting "a" permission does not allow
non-O_APPEND writes. And that if you've initially granted "a" permission
in a profile and then discover that you need non-O_APPEND writes after all,
you just need to upgrade the "a" to a "w" instead of adding both "a" and
"w" in the same profile rule.
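
The semantics described in this message, sketched as an added example that is not part of the original post and is not AppArmor's own parser or kernel logic. It assumes a simplified rule form "/path perms," with no globbing; the function names and sample rules are constructed for illustration.

```python
import os

# Either bit set in the open() flags means the caller asked for write access.
WRITE_MODES = os.O_WRONLY | os.O_RDWR

# Constructed sample rules in a simplified "/path perms," form.
RULES = [
    "/var/log/app.log a,",        # append-only log
    "/var/lib/app/state.db rw,",  # full write, appends included
    "/tmp/app.out aw,",           # invalid: combines "a" and "w"
]

def parse_rule(line):
    """Split a simplified file rule into (path, set of permission characters)."""
    path, perms = line.strip().rstrip(",").split()
    return path, set(perms)

def lint_rule(line):
    """Return a message when a rule combines 'a' and 'w', otherwise None."""
    path, perms = parse_rule(line)
    if {"a", "w"} <= perms:
        return f"{path}: use 'w' alone; it already allows O_APPEND writes"
    return None

def write_allowed(perms, flags):
    """Does the rule permit the write access these open() flags request?

    Read access is not modelled; an open with no write mode needs no
    write permission, so it returns True.
    """
    if not flags & WRITE_MODES:
        return True
    if "w" in perms:
        return True                       # "w" covers every write, appends too
    if "a" in perms:
        return bool(flags & os.O_APPEND)  # "a" covers only O_APPEND writes
    return False

if __name__ == "__main__":
    for rule in RULES:
        print(rule, "->", lint_rule(rule) or "ok")
    _, log_perms = parse_rule(RULES[0])
    print("append to log:", write_allowed(log_perms, os.O_WRONLY | os.O_APPEND))
    print("plain write to log:", write_allowed(log_perms, os.O_WRONLY))
```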