[apparmor] give a permission to a specific process
beroal
me at beroal.in.ua
Tue Nov 16 09:44:15 UTC 2021
Hi. I wonder whether AppArmor allows giving a permission to a specific
process. A use case: there are UI programs (editors, viewers) that need
temporary access to a file specified by a user (to edit, to view).
Unfortunately, AppArmor profiles give permissions to executable files.
For example, if a user gives executable $E access to /tmp/$F, any user
will have access to /tmp/$F by executing $E. Hence a user needs a feature
which gives permission $R to any process that executes executable $E
**as a user $U** where $R, $E, and $U are specified by the user. A
feature which gives permission $R to process $P would be nice too, but
isn't essential. There is a problem of how a non-root user can use this feature,
but it's a separate topic.
Does AppArmor have such a feature? Maybe there is a better tool for
this use case?