[Apparmor-dev] Re: AppArmor Security Goal
Christian Boltz
apparmor at cboltz.de
Mon Nov 12 12:56:16 MST 2007
Hello,
On Sunday, 11 November 2007, John Johansen wrote:
> On Sat, Nov 10, 2007 at 03:52:31PM -0800, david at lang.hm wrote:
> > On Sat, 10 Nov 2007, Dr. David Alan Gilbert wrote:
> > is there a wildcard replacement for username? so that you could
> > grant permission to /home/$user/.mozilla...... and grant each user
> > access to only their own stuff?
> A variable no. But the current iteration does allow specifying
> permissions for files that are owned by the user. The method to do
> so has been changed from the current posting and may change again as
> there is some debate as to how best to express this.
>
> So system policy can express something similar by doing
>
>     owner rw @{HOME}/.mozilla,
I see the "owner" keyword for the first time. Just curious:
- Is it already supported in openSUSE 10.3?
- Is it mentioned in the documentation?
- How is the owner detected? User ID of the confined process?
Or in other ways?
Regards,
Christian Boltz
--
Linux is a great thing.....
Every day it shows me my limits again, completely unobtrusively, and
shows me everything I don't know yet.... [Axel Birndt in suse-linux]
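
A small model of the owner-qualified rule discussed in the thread above, as an added example that is not part of the original message and not AppArmor's own code. It assumes the owner check compares the confined task's fsuid with the file's owner uid, that @{HOME} expands to /home/*/ and /root/, and simplified globbing; `Rule`, `allowed`, the `/**` suffix and the sample uids are hypothetical.

```python
import re
from dataclasses import dataclass

# Assumed expansion of the @{HOME} variable (not given in the thread).
HOME_EXPANSIONS = ["/home/*/", "/root/"]

@dataclass(frozen=True)
class Rule:
    owner_only: bool  # rule carries the "owner" qualifier
    path: str         # AppArmor-style glob, may contain @{HOME}
    perms: str        # e.g. "rw"

def glob_to_regex(glob):
    """Simplified globbing: * stays inside one path component, ** crosses '/'."""
    out, i = [], 0
    while i < len(glob):
        if glob.startswith("**", i):
            out.append(".*")
            i += 2
        elif glob[i] == "*":
            out.append("[^/]*")
            i += 1
        else:
            out.append(re.escape(glob[i]))
            i += 1
    return re.compile("".join(out) + r"\Z")

def expand(path):
    """Substitute @{HOME} and collapse the doubled slash the substitution leaves."""
    if "@{HOME}" not in path:
        return [path]
    return [re.sub(r"/{2,}", "/", path.replace("@{HOME}", h)) for h in HOME_EXPANSIONS]

def allowed(rules, fsuid, file_uid, path, want):
    """True if the matching rules together grant every permission in `want`."""
    granted = set()
    for rule in rules:
        if rule.owner_only and fsuid != file_uid:
            continue  # assumption: owner rules apply only when the task's fsuid owns the file
        if any(glob_to_regex(g).match(path) for g in expand(rule.path)):
            granted |= set(rule.perms)
    return set(want) <= granted

# Constructed sample policy; uids are made up.
POLICY = [Rule(True, "@{HOME}/.mozilla/**", "rw")]
ALICE, BOB = 1000, 1001
```

In this model the rule keys on file ownership rather than on the user name in the path, so a file owned by ALICE under /home/bob/.mozilla/ would still match for a process running as ALICE.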