[apparmor] profile help request: operation="rename_src"
apparmor at raf.org
Thu Mar 10 01:21:07 UTC 2016
John Johansen wrote:
> On 03/09/2016 04:19 PM, apparmor at raf.org wrote:
>
> > You don't need read or write permissions on a file
> > in order to rename it. You only need read and write
> > permissions on the directory that contains it.
>
> No. That is standard Unix DAC. AppArmor's permission
> model is a little different because it allows expressing
> things DAC can't. E.g. you can specify which files in
> a directory can be created, not just that you have
> write access to the directory.
>
> For rename you need the rename permission, however that
> isn't directly exposed at the moment and is hidden behind
> r (it's for historic reasons, where yes rename was treated
> like copy).

Now it makes sense. Thanks for the explanation.

cheers,
raf