Hm, that is indeed the case. I already have
/usr/lib/cups/** ixr,
and some specialized rules like
/usr/lib/cups/backend/cups-pdf Px.
so that
/usr/lib/cups/filter/* Ux,
is a subset of the first rule. It seems that apparmor does not have a
concept of "prefer more special rules", which would allow that, and
other useful constructions like generally permit reading of /etc/** but
do not permit reading of /etc/shadow.
Thanks for pointing me at it. I'll reformulate the first /usr/lib/**
rule.
** Changed in: apparmor (Ubuntu)
Status: New => Invalid
--
Px and Ux do not work with globs
https://bugs.launchpad.net/bugs/139105
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
