Hello. I'm trying to create/write a profile for the transmission-gtk application. Everything seems to work okay, but there are a couple of things which create DENIED messages in the log files (e.g. /var/log/kern.log) etc.

Firstly, I would like to ask about 'requested_mask' and 'denied_mask' with the 'rwc' value. What is the right access rule (in an AppArmor profile) that is responsible for the 'rwc' action? What should such a rule look like? 'r' stands for (read), 'w' stands for (write) and what does 'c' mean? Create?

>> an example of 'rwc' mask (an exception from the log file):

    name="/home/dan/.cache/dconf/user" requested_mask="rwc" denied_mask="rwc"

>> ...and an example rule for the above entry:

    owner @{HOME}/.cache/dconf/user rw,

Secondly, transmission-gtk is trying to access the encrypted data in '$HOME/.ecryptfs/user/.Private'. Some important configuration information is stored in $HOME/.ecryptfs, right? 'requested' and 'denied_mask' is "w" (write). Should I allow transmission-gtk to access this directory/location? If yes, is this a sufficient rule?:

>> maybe it should be restricted with 'owner'?

    /home/.ecryptfs/user/.Private/ rw,

There is one more thing: name="/proc/sys/kernel/random/uuid". The requested and denied mask is "r" (read). What about this one? Can I allow transmission-gtk to read uuid? If yes, is this an okay rule?:

    @{PROC}/sys/kernel/random/uuid r,

That's all for now. These are the things that I'm most interested in. And I hope that I've described it well. Here are some details: Ubuntu 12.04 LTS i686 (latest Linux kernel) with AppArmor 2.7.102-0ubuntu3.10.

Best regards.
-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
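Added example, not part of the original message: a small Python sketch that turns DENIED lines like the ones quoted above into candidate file rules for review, folding the log-only 'c' (create) and 'd' (delete) letters into 'w' and proposing 'owner' only when fsuid equals ouid. The log lines are constructed (only the paths and masks follow the post), and the function names are hypothetical; whether a candidate rule belongs in the profile is still the profile author's decision.

```python
import re

# Constructed kern.log lines: the paths and masks follow the post, every other
# field (timestamps, pids, operation, fsuid/ouid values) is made up.
SAMPLE_LOG = '''\
Jan  1 12:00:01 host kernel: [ 100.1] type=1400 audit(1357041601.000:10): apparmor="DENIED" operation="open" profile="/usr/bin/transmission-gtk" name="/home/dan/.cache/dconf/user" pid=2000 comm="transmission-gt" requested_mask="rwc" denied_mask="rwc" fsuid=1000 ouid=1000
Jan  1 12:00:02 host kernel: [ 100.2] type=1400 audit(1357041602.000:11): apparmor="DENIED" operation="open" profile="/usr/bin/transmission-gtk" name="/home/.ecryptfs/user/.Private/" pid=2000 comm="transmission-gt" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
Jan  1 12:00:03 host kernel: [ 100.3] type=1400 audit(1357041603.000:12): apparmor="DENIED" operation="open" profile="/usr/bin/transmission-gtk" name="/proc/sys/kernel/random/uuid" pid=2000 comm="transmission-gt" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
'''

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
HOME = re.compile(r"^/home/[^/.][^/]*/")   # skips dot-dirs such as /home/.ecryptfs
FOLD = {"c": "w", "d": "w"}                # log-only create/delete fold into w

def fold_mask(mask):
    """Turn a logged mask such as 'rwc' into profile permissions ('rw')."""
    perms = {FOLD.get(ch, ch) for ch in mask} - {"x"}  # exec needs its own mode
    if "w" in perms:
        perms.discard("a")                 # w already covers append
    return "".join(ch for ch in "rwaklm" if ch in perms)

def candidate_rules(log_text):
    """Return one candidate file rule per denied path, in log order."""
    seen = {}
    for line in log_text.splitlines():
        f = {k: v.strip('"') for k, v in FIELD.findall(line)}
        if f.get("apparmor") != "DENIED" or "name" not in f:
            continue
        path = HOME.sub("@{HOME}/", f["name"])
        path = re.sub(r"^/proc/", "@{PROC}/", path)
        # 'owner' only fits when the accessing uid owns the object.
        owner = "fsuid" in f and f["fsuid"] == f.get("ouid")
        seen.setdefault((owner, path), set()).update(f.get("denied_mask", ""))
    rules = []
    for (owner, path), mask in seen.items():
        perms = fold_mask(mask)
        if perms:
            rules.append(f"{'owner ' if owner else ''}{path} {perms},")
    return rules

if __name__ == "__main__":
    print("\n".join(candidate_rules(SAMPLE_LOG)))
```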