Mailinglist Archive: opensuse-security (11 mails)

< Previous Next >
Re: [opensuse-security] apparmor syntax adding a file
Hello,

Am Montag, 28. März 2016, 15:31:36 CEST schrieb Malte Gell:
is there an AppArmor permission syntax that allows for adding a new
file, but does not allow to delete or change existing files?

More or less ;-)

The 'a' (append) permission is close to what you are looking for.
It allows creating a file and appending data to it. (Typical usecase: log
files.)

Note that the application must call open() with the O_APPEND flag. If it
open()s the file without that flag, the append permission won't allow
writing to the file, even if the application actually only appends
something to the file.


Regards,

Christian Boltz
--
We break the translation consistently (wow, consistent break, I like
that wording) [from https://bugzilla.novell.com/show_bug.cgi?id=165509]

--
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-security+owner@xxxxxxxxxxxx

< Previous Next >
List Navigation
References