[Apparmor-dev] Re: AppArmor 2.1 feature doc
Dominic Reynolds
dreynolds at suse.de
Fri Aug 17 15:35:57 MDT 2007
Updated - thanks jesse.
-dom
+++ jesse michael [17/08/07 14:12 -0700]:
> On Fri, Aug 17, 2007 at 02:07:52PM -0600, Dominic Reynolds wrote:
> > http://en.opensuse.org/AppArmor/Changes_AppArmor_2_1
>
> Mediation of appending writes has been added. This feature introduces a
> new permission character "a" to indicate this operation is allowed. The
> "a" permission is mutually exclusive to the "w" permission, i.e. a
> given rule may include "w" or "a" but not both.
>
> We should probably expand this to clarify that the "a" permission is a
> subset of the "w" permission and that granting "w" permission implicitly
> allows O_APPEND writes, but granting "a" permission does not allow
> non-O_APPEND writes. And that if you've initially granted "a" permission
> in a profile and then discover that you need non-O_APPEND writes after all,
> you just need to upgrade the "a" to a "w" instead of adding both "a" and
> "w" in the same profile rule.
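The "a"/"w" relationship discussed in this thread, modelled as an added example (not part of the original messages and not AppArmor's own code). The simplified `<path> <perms>,` rule shape, the function names and the sample paths are assumptions made for illustration.

```python
import os
import re

# Assumed simplified rule shape: "<path> <perms>," (no globs, qualifiers or owner prefixes).
RULE_RE = re.compile(r"^\s*(?P<path>/\S*)\s+(?P<perms>[a-zA-Z]+)\s*,\s*$")

# Constructed open(2) flag combinations used to exercise the model.
APPEND_WRITE = os.O_WRONLY | os.O_APPEND
OVERWRITE = os.O_WRONLY | os.O_TRUNC

# Constructed sample profile body; line 3 mixes "a" and "w" in one rule.
SAMPLE = "/var/log/example.log a,\n/var/lib/example/state w,\n/var/log/mixed.log aw,\n"

def parse_rule(line):
    """Return (path, perms) for one file rule; reject 'a' combined with 'w'."""
    m = RULE_RE.match(line)
    if not m:
        raise ValueError(f"not a simple file rule: {line!r}")
    perms = set(m.group("perms"))
    if {"a", "w"} <= perms:
        raise ValueError(f"'a' and 'w' are mutually exclusive: {line.strip()!r}")
    return m.group("path"), perms

def write_allowed(perms, open_flags):
    """Model the write side of an open(): 'a' is a strict subset of 'w'."""
    if open_flags & os.O_ACCMODE not in (os.O_WRONLY, os.O_RDWR):
        return True  # no write access requested; read mediation is out of scope
    if "w" in perms:
        return True  # 'w' implicitly allows O_APPEND writes as well
    if "a" in perms:
        return bool(open_flags & os.O_APPEND)  # 'a' covers appending writes only
    return False

def lint_profile(text):
    """Return (line_number, message) for every rule line parse_rule rejects."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        try:
            parse_rule(line)
        except ValueError as exc:
            findings.append((n, str(exc)))
    return findings
```

A rule that turns out to need non-O_APPEND writes is fixed by replacing "a" with "w", which is the only change that makes `lint_profile` pass and `write_allowed` return true for `OVERWRITE`.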