Citát John Johansen <john.johan...@canonical.com>:
On 12/07/2017 02:00 PM, azu...@pobox.sk wrote:
Hi,
i have this rule in my profile:
owner /etc/passwd r,
Problem is, that application is running under lots of different
UIDs and all of them are trying to access /etc/passwd (which is not
needed, only master process, running under root, needs it). How to
get rid of the noise in the logs? I cannot do 'deny /etc/passwd r'
as it will deny also root (master process) to access /etc/passwd.
you can try an undocumented unsupported experimental feature, that
will be supported in the future but in a different form. Add the rule
deny other /etc/passwd r,
this will deny access to tasks with uids that are not the owner of
the file (fsuid != file uid), and the deny will quiet logging
because it is a known denial.
Works fine, thank you!
The other way is to use two profiles one for the master process and
another for all the other processes that should not be accessing the
file, but this can be inconvenient to set up.
Is this possible if application has no internal support for apparmor
(so it, for example, cannot change a hat to specified value when some
event happens) ?
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor