On 4/16/21 10:48 AM, Murali Selvaraj wrote:
> Hi All,
> 
> We have observed that a few configuration files are present in /tmp which are
> needed for certain processes.
> For example, a few of the files are hidden files located in /tmp/.
> 
> In that case, shall we add the below entry
> 
> /tmp/** rw,
> 

You could add that; it would cover all files in /tmp/.

> or do we need to add file-specific entries as below
> 
> /tmp/file.txt r,
> /tmp/.init_complete rw,
> 
> Which would be the best way for security concerns, especially for
> embedded devices?
> Please advise.
> 

From a security standpoint, the more specific you can be the better. So if
those file names don't change, only granting access to those is more secure than
the general globbing rule of /tmp/** rw,


-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor
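
To make the difference between the two rule sets in this thread concrete, the following added example (not part of the thread and not AppArmor's own code) lists the accesses that `/tmp/** rw,` permits but the two file-specific rules deny. It assumes a simplified model of AppArmor path globbing covering only `*`, `**` and `?`; the access list is constructed sample data.

```python
import re

def aa_glob_to_regex(pattern):
    """Translate a subset of AppArmor globbing (*, **, ?) to a regex.
    Simplified model (assumption): no [], {} alternation or variables."""
    out, i = [], 0
    while i < len(pattern):
        if pattern[i] == "*":
            width = 2 if pattern.startswith("**", i) else 1
            nxt = pattern[i + width:i + width + 1]
            # A glob that is a whole path component must match at least
            # one character, so /tmp/** does not match /tmp/ itself.
            whole = (i == 0 or pattern[i - 1] == "/") and nxt in ("", "/")
            chars = "." if width == 2 else "[^/]"   # only ** crosses '/'
            out.append(chars + ("+" if whole else "*"))
            i += width
        elif pattern[i] == "?":
            out.append("[^/]")
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out))

def parse_rule(line):
    """Split a file rule such as '/tmp/file.txt r,' into (regex, perms)."""
    path, perms = line.rstrip(",").split()
    return aa_glob_to_regex(path), set(perms)

def allowed(rules, path, perm):
    return any(rx.fullmatch(path) and perm in perms
               for rx, perms in map(parse_rule, rules))

def excess(broad, specific, accesses):
    """Accesses the broad rule set permits that the specific one denies."""
    return [a for a in accesses
            if allowed(broad, *a) and not allowed(specific, *a)]

BROAD = ["/tmp/** rw,"]                                   # from the thread
SPECIFIC = ["/tmp/file.txt r,", "/tmp/.init_complete rw,"]  # from the thread
ACCESSES = [                                              # constructed samples
    ("/tmp/file.txt", "r"), ("/tmp/.init_complete", "w"),
    ("/tmp/file.txt", "w"), ("/tmp/.other_daemon.sock", "w"),
    ("/tmp/upgrade/firmware.bin", "w"),
]

if __name__ == "__main__":
    for path, perm in excess(BROAD, SPECIFIC, ACCESSES):
        print(f"only the glob rule allows {perm} on {path}")
```
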
