-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Hi everyone, I'm a seasoned Linux administrator but I have little prior experience with AppArmor. FWIW, I already have asked this question on the SuperUser StackExchange web site this afternoon [1], but it received little interest, and I now have little hopes to have an answer there. Our Linux Debian boxes have a standard policy for the Thunderbird email client in `/etc/apparmor.d/usr.bin.thunderbird` One user needs Thunderbird to have read access to the files stored in his `${HOME}/signature.d/` folder. Is there a way to create a user-specific profile that _includes_ the default profile settings, but granting extra access the the needed files? I didn't find any reference about that particular use case, and my first attempts were unsuccessful. But I can't say if my syntax was wrong, of if this wasn't possible at all. Here what I tried: ``` $ cat "${HOME}/.apparmor.d/usr.bin.thunderbird" #include </etc/apparmor.d/usr.bin.thunderbird> profile thunderbird @{thunderbird_executable} { owner @{HOME}/.signature.d/** r, } $ sudo systemctl restart apparmor ``` This doesn't seem to change anything. At such point I don't think the user-specific profile is read at all. Could you help me fixing that? Thanks a lot, - - Sylvain Leroux [1] https://superuser.com/questions/1516181/configure-apparmor-to-allow-file-access-on-a-per-user-basis - -- - -- Sylvain Leroux - -- sylv...@chicoree.fr - -- http://www.chicoree.fr -----BEGIN PGP SIGNATURE----- iQJIBAEBCAAyFiEEl5bRd1eLmzy/wTZWq1gfHR9hxSIFAl4Y9bUUHHN5bHZhaW5A Y2hpY29yZWUuZnIACgkQq1gfHR9hxSITsQ/9E2fDh2LtM/rlkKhE8oIkeWQCvv0b d91TWmvVp5N0XFtrxSWrLRGrQTuwIhYGUPQWn7FX5M/9yiqO2ZdxTcy/VZ5WK5mE 16/QHziU8HwLL+4eGZAHLI5Q81Fjq2Zx2Lyin21r6tiQn/Tc1CMS5WqnkUqMUZ3V JjRXmQwfg+VAzsY8w+lDVK1iFRNzcGvcCbiEcDSzXsB+QfEA5R0xtTB5Z63+U7Kw z2qG1X8SpcIJMgg7M7v6x2wl8LKNEnb/PoXfdX+HV0KBh+IRipJk/sgCyuJs19cd hgdCtGVbOKxM+daTZnH6DKVWnCujaTTo5kBVPduuDCFyBT7iP1hUwe08NnC8rmLc x6W+gsQ6YZ1UQo/36iHXUrF+tohsSn0JvJR4yu1XEb93jthnnZeWFj+naX/DAbAa m7fAqgUwHMyETz3xIRxwdKTc/wQOh+2rVf83JWfuIyV0HauK9JMsXjS5dKZYH3fp iHA6mZmOPw8ZlWcSzOP7JYbIJSd/E/G6mudLL8CRGhCshuX+dXnLBDJDZJVzqch6 6hGKShK1fyGID5NU2iEmuyeo+KgpSHBu2AY2uhqmNfPEwKeOPyF6YzU9NNzjCqh6 O3T6uQ1rUFslj9KNMvuCquvIJr3M79rykLkT6pnyTkBaj72NnA4M/hVNi2IrSuAz CZ+tQnWZZn3GGls= =5AQW -----END PGP SIGNATURE----- -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor