On 2017.11.12 16:16, intrigeri wrote:
Sorry, I have no good solution to propose. Either you need to
explicitly deny each inherited file. Or you can deny everything ("deny
/**") and then add exceptions for what locale really needs to access,
Doesn't deny overrides everything what is allowed? Not
hi,
Vincas Dargis:
> On 2017.11.05 13:10, intrigeri wrote:
>>> Is it possible to deny all of these file_inherit somehow?
>>
>> Probably, with a wide deny rule such as (/**).
> It it possible to select file_inherit only?
I don't think so.
> I mean, this will not allow even mmap
> executable itse
On 2017.11.05 13:10, intrigeri wrote:
Is it possible to deny all of these file_inherit somehow?
Probably, with a wide deny rule such as (/**).
It it possible to select file_inherit only? I mean, this will not allow even mmap executable itself, and it would deny
all these file rules in , woul
Vincas Dargis:
> And no, it does not actually opens files from `/usr/share/skypeforlinux/*`,
> etc.
> So, basically, what's happening here? Is it because `skypeforlinux` executed
> child
> process in some "special" way, or it's just "natural" way of how Linux
> applications
> work..?
file_inhe
Hi,
While developing `usr.bin.skypeforlinux` (for the new Skype version, it's an Electron app) profile on Ubuntu 17.10 VM, I
have discovered file_inherit denies which I would like to understand with your help.
`usr.bin.skypeforlinux` profile has these lines to allow executing
`/usr/bin/locale
