On 2017.11.05 13:10, intrigeri wrote:
Is it possible to deny all of these file_inherit somehow?
Probably, with a wide deny rule such as (/**).
It it possible to select file_inherit only? I mean, this will not allow even mmap executable itself, and it would deny
all these file rules in <abstraction/base>, wouldn't it?
In this case:
```
/{,usr}/bin/locale Cx -> locale,
profile locale {
#include <abstractions/base> # has to work
/{,usr}/bin/locale mr, # has to work
deny /* something something ? What could I write here? Is there deny
file_inherit /** ? */
}
```
--
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
