Re: [apparmor] Question about file_mmap/exec in the case of perl/shell scripts

2019-09-17 Thread Mikhail Morfikov
On 17/09/2019 14:53, Seth Arnold wrote:
> On Thu, Sep 12, 2019 at 04:20:22PM +0200, Mikhail Morfikov wrote:
>> Shouldn't be here some "x" or "m" permissions, or maybe AppArmor assumes
>> this automatically for the confined path, so it's redundant to specify it
>> manually?
>
> Interpreters are

Re: [apparmor] Question about file_mmap/exec in the case of perl/shell scripts

2019-09-17 Thread Seth Arnold
On Thu, Sep 12, 2019 at 04:20:22PM +0200, Mikhail Morfikov wrote:
> Shouldn't be here some "x" or "m" permissions, or maybe AppArmor assumes
> this automatically for the confined path, so it's redundant to specify it
> manually?

Interpreters are handled differently:

[apparmor] Question about file_mmap/exec in the case of perl/shell scripts

2019-09-12 Thread Mikhail Morfikov
When I add a profile for some app, and this profile wants to execute or map some file, it usually wants the "x" (operation="exec") or "m" (operation="file_mmap") permissions. But what about the path the profile confines? For instance, I have a perl script under /usr/bin/some_app . When I