On Wed, Jun 26, 2013 at 07:54:46AM +0800, Aaron Lewis wrote:
> Hi,
>
> Looks like I can use rwmc altogether, am I wrong?
>
> owner @{HOME}/.config/google-googletalkplugin/{**,} rwmc,

I can't see 'c' support in our current parser source code, nor can I get
this to work in a test profile:

  $ echo "/t { / rwmc, }" | apparmor_parser -Q -d
  Warning from stdin (line 1): apparmor_parser: cannot use or update cache, disable, or force-complain via stdin
  AppArmor parser error, in stdin line 1: syntax error, unexpected TOK_ID, expecting TOK_MODE

But removing the 'c':

  $ echo "/t { / rwm, }" | apparmor_parser -Q -d
  Warning from stdin (line 1): apparmor_parser: cannot use or update cache, disable, or force-complain via stdin
  ----- Debugging built structures -----
  Name: /t
  Profile Mode: Enforce
  --- Entries ---
  Mode: rwam:rwam Name: (/)
  $

When the kernel logs a denied mode of 'c', it is indeed a process trying
to create the file, but there is currently no way to give _only_ this
privilege to a process. 'w' will also grant this permission.

All you need is 'rwm'.

Thanks
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
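
An added example, not part of the original message and not AppArmor's own tooling: a small Python script that reads kernel denial lines and folds a logged 'c' into the 'w' that a profile rule needs, as the reply above describes. The log lines, profile name and file path are constructed; only the handling of r, w, m and c comes from the message, and any other mask letter is reported rather than guessed.

```python
import re

# Constructed sample kernel audit lines (not taken from the thread).
SAMPLE_LOG = """\
audit: type=1400 audit(1372204486.101:45): apparmor="DENIED" operation="mknod" profile="/opt/example/plugin" name="/home/user/.config/google-googletalkplugin/state" pid=4242 comm="plugin" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
audit: type=1400 audit(1372204486.207:46): apparmor="DENIED" operation="open" profile="/opt/example/plugin" name="/home/user/.config/google-googletalkplugin/state" pid=4242 comm="plugin" requested_mask="wrc" denied_mask="wrc" fsuid=1000 ouid=1000
audit: type=1400 audit(1372204490.010:47): apparmor="ALLOWED" operation="open" profile="/opt/example/plugin" name="/etc/hosts" pid=4242 comm="plugin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
"""

FIELD = re.compile(r'(\w+)="([^"]*)"')
RULE_ORDER = "rwm"  # rule modes that appear in the thread
# Logged mask letter -> profile rule letter. Only 'c' -> 'w' is a translation:
# the parser rejects 'c' in a rule, and 'w' also grants file creation.
LOG_TO_RULE = {"r": "r", "w": "w", "m": "m", "c": "w"}


def rule_mode(denied_mask):
    """Return (rule_mode, unhandled_letters) for one logged denied_mask."""
    granted = {LOG_TO_RULE[ch] for ch in denied_mask if ch in LOG_TO_RULE}
    unhandled = {ch for ch in denied_mask if ch not in LOG_TO_RULE}
    ordered = "".join(ch for ch in RULE_ORDER if ch in granted)
    return ordered, "".join(sorted(unhandled))


def suggest_rules(log_text):
    """Merge DENIED file events into {(profile, path): (mode, unhandled)}."""
    merged = {}
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if fields.get("apparmor") != "DENIED":
            continue  # skip complain-mode (ALLOWED) and unrelated lines
        if "name" not in fields or "denied_mask" not in fields:
            continue  # not a file-access denial
        key = (fields.get("profile", "?"), fields["name"])
        merged[key] = merged.get(key, "") + fields["denied_mask"]
    return {key: rule_mode(mask) for key, mask in merged.items()}


if __name__ == "__main__":
    for (profile, path), (mode, unhandled) in suggest_rules(SAMPLE_LOG).items():
        note = f"  # unhandled mask letters: {unhandled}" if unhandled else ""
        print(f"profile {profile}: {path} {mode},{note}")
```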