[Apparmor-general] How the link attribute is used?

[John Johansen]

On Tue, Feb 20, 2007 at 11:08:51PM -0700, S Kalyanasundaram wrote:
> Hi, 
>  My application takes the backup copy of log files. My application during the startup will take a back of this file /var/log/app/test.log as /var/log/app/test.log~ and create a new version if it. 
> 
> I have given /var/log/app/test.log* rw, (application is not creating the backup) So i had given the rwl access and it takes the back up now. So how the link works?
> 
> It might be a basic question but i am not getting it. 
> 

The link bit is required on the source file of a hard link, and both the
entries for the source and destination files must have the same
permissions (minus the link bit) for their file rules.

In your case the source and target are satisfied by the same rule so
l bit must be on that rule, however you could have split the rule into

some_profile {
	/var/log/app/test.log rwl,
	/var/log/app/test.log* rw,
}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://forge.novell.com/pipermail/apparmor-general/attachments/20070221/9124fd5d/attachment.pgp