On Tue, 2012-02-07 at 16:50 +0100, Christian Boltz wrote: > Hello, > > Am Dienstag, 7. Februar 2012 schrieb Jamie Strandboge: > > diff -Naurp -x .bzr -x common > > apparmor-trunk/utils/easyprof/policygroups/opt-application > > apparmor-trunk-easyprof/utils/easyprof/policygroups/opt-application > > --- apparmor-trunk/utils/easyprof/policygroups/opt-application 1969-12-31 > > 18:00:00.000000000 -0600 > > +++ apparmor-trunk-easyprof/utils/easyprof/policygroups/opt-application > > 2012-02-06 16:39:38.000000000 -0600 > > @@ -0,0 +1,3 @@ > > +# Policy group for applications installed in /opt > > +/opt/@{APPNAME}/ r, > > +/opt/@{APPNAME}/** mrlk, > > Is the "l" permission really needed for /opt?
Maybe? I thought it conceivable that applications might have their own tmp directory in /opt which is why I added 'l' (ie, we do that in the user-tmp abstraction). Of course, that falls apart because I forgot 'w'. Maybe I'll drop 'l' for now and add 'l' if we need 'w' later on. It is not known if this is strictly required, but the point of this policy-group is to make sure that applications can do mostly whatever they need to in /opt/@{APPNAME}/ (excepting execs). We'll know more when people start trying to use the aa-easyprof. -- Jamie Strandboge | http://www.canonical.com
signature.asc
Description: This is a digitally signed message part
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor