[opensuse-security] apparmor syntax adding a file
Hi, is there an AppArmor permission syntax that allows for adding a new file, but does not allow to delete or change existing files? Thanx -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
Hello, Am Montag, 28. März 2016, 15:31:36 CEST schrieb Malte Gell:
is there an AppArmor permission syntax that allows for adding a new file, but does not allow to delete or change existing files?
More or less ;-) The 'a' (append) permission is close to what you are looking for. It allows creating a file and appending data to it. (Typical usecase: log files.) Note that the application must call open() with the O_APPEND flag. If it open()s the file without that flag, the append permission won't allow writing to the file, even if the application actually only appends something to the file. Regards, Christian Boltz -- We break the translation consistently (wow, consistent break, I like that wording) [from https://bugzilla.novell.com/show_bug.cgi?id=165509] -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
participants (2)
-
Christian Boltz -
Malte Gell