On Fri, Jul 05, 2013 at 05:17:48PM -0700, Seth Arnold wrote: > On Mon, Jul 01, 2013 at 05:15:07PM -0500, Jamie Strandboge wrote: > > > @@ -428,6 +546,7 @@ > > s = "%s# No read paths specified" % prefix > > if len(read_path) > 0: > > s = "%s# Specified read permissions" % (prefix) > > + read_path.sort() > > for i in read_path: > > for r in self.gen_path_rule(i, 'r'): > > s += "\n%s%s" % (prefix, r) > > @@ -438,17 +557,109 @@ > > s = "%s# No write paths specified" % prefix > > if len(write_path) > 0: > > s = "%s# Specified write permissions" % (prefix) > > + write_path.sort() > > for i in write_path: > > for r in self.gen_path_rule(i, 'rwk'): > > s += "\n%s%s" % (prefix, r) > > policy = re.sub(r' *%s' % search, s, policy) > > We may also need a way to allow profile authors to push 'k' through on > files that they'll only read. (Maybe all these cases will already be > handled via abstractions.)
Abstractions will help in some cases, but I think you're correct; consider stuff like application-specific sqlite databases.

-- 
Steve Beattie
<[email protected]>
http://NxNW.org/~steve/
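
Review bot: In the read-path hunk (@@ -428,6 +546,7 @@), `read_path.sort()` reorders the list in place, so if read_path is shared with the caller or reused later its order changes as a side effect of generating policy text, and the call fails outright if read_path is ever a tuple or a set. Iterating with `for i in sorted(read_path):` gives the same deterministic rule order without mutating the input. The same applies to `write_path.sort()` in the following hunk.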
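
Review bot: In the write-path hunk (@@ -438,17 +557,109 @@), the context line `policy = re.sub(r' *%s' % search, s, policy)` passes the generated rules `s` as the replacement argument, where re.sub processes backslash escapes and group references, so a write path containing a backslash would be rewritten or raise an error instead of landing in the policy verbatim. Passing a function, `re.sub(r' *%s' % search, lambda m: s, policy)`, inserts `s` literally; if `search` is meant as a literal marker it should also go through re.escape().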
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
