On Wed, Apr 11, 2012 at 11:22:20AM -0500, Jamie Strandboge wrote:
> On Wed, 2012-04-11 at 07:50 -0700, Steve Beattie wrote:
> > On Tue, Apr 10, 2012 at 05:06:59PM -0500, Jamie Strandboge wrote:
> > > > +=item B<mount options=ro, mount options=atime /dev/foo,>
> >
> > Doesn't the first part need to be 'mount options=ro /dev/foo,' in order
> > for it to allow the mount of only /dev/foo anywhere?
>
> I'd like for John to comment here, but based on the wiki[1], no. Eg:
>
> "When both = and in conditional operators are used the options within
> each condition type can be combined and split interchangeably.
>
> mount options=(ro, acl) options in (nodev, user)"
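
Review bot: the =item heading B<mount options=ro, mount options=atime /dev/foo,> holds two comma-terminated rules, and /dev/foo appears only in the second, so a reader cannot tell from the heading whether the path is meant to limit the ro rule as well. Consider giving each rule its own =item, or writing the device on both, so the heading matches what the description under it says is allowed.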

Right, except your example has two rules, no?

  mount options=ro, mount options=atime /dev/foo,

if it were

  mount options=ro options=atime /dev/foo,

then it would do what you want, I think. At least, based on my
understanding of how the rules work.

-- 
Steve Beattie
<[email protected]>
http://NxNW.org/~steve/
