Citát Sylvain Leroux :
Thanks azur,
On 11/01/2020 08:25, azu...@pobox.sk wrote:
just put this in /etc/apparmor.d/local/usr.bin.thunderbird :
owner @{HOME}/.signature.d/** r,
My issue is I don't want to change the system configuration.
This isnt' possible. That file is used to local chang
Hi,
just put this in /etc/apparmor.d/local/usr.bin.thunderbird :
owner @{HOME}/.signature.d/** r,
azur
Citát Sylvain Leroux :
Hi everyone,
I'm a seasoned Linux administrator but I have little prior experience
with AppArmor. FWIW, I already have asked this question on the
SuperUser Stac
Citát Arkadiusz Miśkiewicz :
On Tuesday 06 of March 2018, azu...@pobox.sk wrote:
Hi,
i'm trying to allow users to run applications like ps or htop while
seeing only their own processes. Htop, for example, needs read
permission to /proc//cmdline BUT when a process changes uid from
root to user
Hi,
i'm trying to allow users to run applications like ps or htop while
seeing only their own processes. Htop, for example, needs read
permission to /proc//cmdline BUT when a process changes uid from
root to user, this happens:
- directory /proc// is correctly owned by user
- file /proc/
Citát John Johansen :
On 12/07/2017 02:00 PM, azu...@pobox.sk wrote:
Hi,
i have this rule in my profile:
owner /etc/passwd r,
Problem is, that application is running under lots of different
UIDs and all of them are trying to access /etc/passwd (which is not
needed, only master process, r
Hi,
i have this rule in my profile:
owner /etc/passwd r,
Problem is, that application is running under lots of different UIDs
and all of them are trying to access /etc/passwd (which is not needed,
only master process, running under root, needs it). How to get rid of
the noise in the logs?
Citát Seth Arnold :
On Wed, Aug 24, 2016 at 09:10:35PM +0200, azu...@pobox.sk wrote:
>On Wed, Aug 24, 2016 at 10:46:49AM +0200, azu...@pobox.sk wrote:
>> owner=fred
can i, somehow, speed up the implementation? To financially sponsor it for
example?
Not that i know of, all the engineers th
Citát Seth Arnold :
On Wed, Aug 24, 2016 at 10:46:49AM +0200, azu...@pobox.sk wrote:
owner=fred
owner=1001
owner=(fred)
owner=(fred george)
owner=(fred 1001)
Is this still not supported? If not, when it will be? Is support missing
only in userspace tools or directly in kernel?
Hello
Hi,
this is written in AppArmor wiki (
http://wiki.apparmor.net/index.php/AppArmor_Core_Policy_Reference ):
===
extended ownership tests (not currently supported)
If the optional equal operator is used then, the test is not against
the euid/fsuid but that the object has the same uid as th
Hi,
i'm trying to create some kind of RBAC system for web applications using
apparmor + mod_apparmor (Apache web server). mod_apparmor is able to assing
different hats for different URIs, which is kinda cool. The problem is that i
want to use the same hats for different users/domains who/which
Hi,
does apparmor supports nested child profiles or child profiles inside hats? I'm
asking because i'm having problems with execution using 'cx' permission inside
a hat. I'm unable to create a child profile directly inside hat because of this
error:
apparmor_parser: Unable to replace "test". P
Hi,
i'm little confused about how changing hat is supposed to work. Example from my
environment:
I have Apache web server which serves web sites of our users. It has only
privileges which users needs. The same Apache (but another instance) is serving
also administration system - it needs little
Hi,
is there a way how can i deny symlinks creation? Thank you.
azur
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
>On 08/07/2013 05:29 AM, azurIt wrote:
>> Hi,
>>
>> i'm trying to use mod_apparmor in Apache but every request is creating new
>> profile inside kernel, which looks like this:
>>/usr/lib/apache2/mpm-itk/apache2//DEFAULT_URI//null-1001
>>/usr/li
Hi,
i'm trying to use mod_apparmor in Apache but every request is creating new
profile inside kernel, which looks like this:
/usr/lib/apache2/mpm-itk/apache2//DEFAULT_URI//null-1001
/usr/lib/apache2/mpm-itk/apache2//DEFAULT_URI//null-1003
/usr/lib/apache2/mpm-itk/apache2//DEFAULT_URI//nu
Hi,
are there somewhere a Python 2.6 bindings for apparmor ? Thnx.
azur
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
> Hi,
>
> i'm having problems with audit rule modifier - it's just not
> working when used alone. I'm trying to enable only logging with
> this:
> audit /home/** a,
> audit /home/** w,
By only logging
> Hi,
>
> i'm having problems with audit rule modifier - it's just not
> working when used alone. I'm trying to enable only logging with
> this:
> audit /home/** a,
> audit /home/** w,
By only logging
> Hi,
>
> i'm having problems with audit rule modifier - it's just not
> working when used alone. I'm trying to enable only logging with
> this:
> audit /home/** a,
> audit /home/** w,
By only logging
>> Hi,
>>
>> i'm having problems with audit rule modifier - it's just not working
>> when used alone. I'm trying to enable only logging with this:
>> audit /home/** a,
>> audit /home/** w,
> By only logging you mean logging of an access but n
Hi,
i'm having problems with audit rule modifier - it's just not working
when used alone. I'm trying to enable only logging with this:
audit /home/** a,
audit /home/** w,
>>> By only logging you mean logging of an access but not granting
>
Hi,
i'm having problems with audit rule modifier - it's just not working when used
alone. I'm trying to enable only logging with this:
audit /home/** a,
audit /home/** w,
By only logging you mean logging of an access but not granting permission?
I mean logging of an access AND granting permi
Hi,
i'm having problems with audit rule modifier - it's just not working when used
alone. I'm trying to enable only logging with this:
audit /home/** a,
audit /home/** w,
By only logging you mean logging of an access but not granting permission?
I mean logging of an access AND granting permi
>> Hi,
>>
>> i'm having problems with audit rule modifier - it's just not working when
>> used alone. I'm trying to enable only logging with this:
>> audit /home/** a,
>> audit /home/** w,
>By only logging you mean logging of an access but not granting permission?
I mean logging of an access AN
Hi,
i'm having problems with audit rule modifier - it's just not working when used
alone. I'm trying to enable only logging with this:
audit /home/** a,
audit /home/** w,
It should work according to documentation (
http://wiki.apparmor.net/index.php/QuickProfileLanguage#Rule_Modifiers ) but
it
25 matches
Mail list logo