Mailinglist Archive: opensuse-security (11 mails)

< Previous Next >
Re: [opensuse-security] apparmor syntax adding a file

Am Montag, 28. März 2016, 15:31:36 CEST schrieb Malte Gell:
is there an AppArmor permission syntax that allows for adding a new
file, but does not allow to delete or change existing files?

More or less ;-)

The 'a' (append) permission is close to what you are looking for.
It allows creating a file and appending data to it. (Typical usecase: log

Note that the application must call open() with the O_APPEND flag. If it
open()s the file without that flag, the append permission won't allow
writing to the file, even if the application actually only appends
something to the file.


Christian Boltz
We break the translation consistently (wow, consistent break, I like
that wording) [from]

To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-security+owner@xxxxxxxxxxxx

< Previous Next >
List Navigation