Hello, I'm trying to secure and restrict access of a bash script which need to perform actions on a symlink (update timestamp and create it if missing). Is it possible to use an AppArmor Link Rules for a symbolic link or is it only for hard link ? I don't find information about symbolic link. According to AppArmor Core Policy Reference at https://gitlab.com/apparmor/apparmor/-/wikis/AppArmor_Core_Policy_Reference only hard link is specified. Bash script use ln which requires two rules/path/symlink rw,/path/[A-Za-Z0-9][A-Za-Z0-9][A-Za-Z0-9][A-Za-Z0-9][A-Za-Z0-9][A-Za-Z0-9][A-Za-Z0-9][A-Za-Z0-9] rw,
The second one is required because ln create a temporary file as /path/CgX8vf6d and it names changes each time. Without this rule ln fail and audit record denied access for /path/CgX8vf6d in creation.But I don't like this rule because it opens potential access to all files in /path in rw which is a sensitive folder. I would like to know if it's possible to use a link rule to avoid the second one which require rw for read and creation. I tried using a link rule but it never worked but it could be misuse by myself. Thank you in advance. Regards
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
