[apparmor] [PATCH] aa-easyprof updates
Steve Beattie
steve at nxnw.org
Sat Jul 6 00:42:41 UTC 2013
On Fri, Jul 05, 2013 at 05:17:48PM -0700, Seth Arnold wrote:
> On Mon, Jul 01, 2013 at 05:15:07PM -0500, Jamie Strandboge wrote:
>
> > @@ -428,6 +546,7 @@
> > s = "%s# No read paths specified" % prefix
> > if len(read_path) > 0:
> > s = "%s# Specified read permissions" % (prefix)
> > + read_path.sort()
> > for i in read_path:
> > for r in self.gen_path_rule(i, 'r'):
> > s += "\n%s%s" % (prefix, r)
> > @@ -438,17 +557,109 @@
> > s = "%s# No write paths specified" % prefix
> > if len(write_path) > 0:
> > s = "%s# Specified write permissions" % (prefix)
> > + write_path.sort()
> > for i in write_path:
> > for r in self.gen_path_rule(i, 'rwk'):
> > s += "\n%s%s" % (prefix, r)
> > policy = re.sub(r' *%s' % search, s, policy)
>
> We may also need a way to allow profile authors to push 'k' through on
> files that they'll only read. (Maybe all these cases will already be
> handled via abstractions.)
Abstractions will help in some cases, but I think you're correct;
consider stuff like application specific sqlite databases.
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130705/fd7d8894/attachment-0001.pgp>
More information about the AppArmor
mailing list