On 2016-06-22 08:54, John Johansen wrote:
> On 06/21/2016 10:47 PM, Georg Schoenberger wrote:
>> Hi Apparmor Team,
>>
>> I am currently working on a profile for PHP-FPM. Unfortunately the
>> application is quite complicated,
>> therefore I am thinking about using a blacklist (default allow) in the
>> profile:
>> *
>> http://wiki.apparmor.net/index.php/FAQ#What_is_Default_Allow_.28Black_listing.29
>>
>> Any examples on how to do that in the profile?
>>
> You allow everything and then use deny rules.
>
> profile example {
>   file,
>   network,
>   capability,
>   mount,
>   ptrace,
>   signal,
>   unix,
>   # err what ever else I am missing
>
>   deny /foo rw,
>   deny capability sys_admin,
>   # ...
> }
>
THX for the quick answer, exactly what I was looking for!
Any further docs on a complete list of operations? (# err what ever else I am missing)

Regards,
Georg

--
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
