Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual page 212


A link pair rule specifying the source and the target of a link. See Section 21.7.6, "Link Pair" (page 210) for more information.

The curly braces ({}) make this rule apply to the path both with and without the content enclosed by the braces.

A path entry specifying what areas of the file system the program can access. The first part of a path entry specifies the absolute path of a file (including regular expression globbing) and the second part indicates permissible access modes (for example r for read, w for write, and x for execute). Whitespace of any kind (spaces or tabs) can precede pathnames or separate the pathname from the access modes. Spaces between the access mode and the trailing comma are optional. Find a comprehensive overview of the available access modes in Section 21.7, "File Permission Access Modes" (page 209).

This variable expands to a value that can be changed without changing the entire profile.

11. An owner conditional rule, granting read and write permission on files owned by the user. Refer to Section 21.7.7, "Owner Conditional Rules" (page 211) for more information.

12. This entry defines a transition to the local profile /usr/bin/foobar. Find a comprehensive overview of the available execute modes in Section 21.8, "Execute Modes" (page 212).

13. A named profile transition to the profile bin_generic located in the global scope. See Section 21.8.7, "Named Profile Transitions" (page 214) for details.

14. The local profile /usr/bin/foobar is defined in this section.

15. This section references a "hat" subprofile of the application. For more details on AppArmor's ChangeHat feature, refer to Chapter 25, Profiling Your Web Applications Using ChangeHat (page 275).

When a profile is created for a program, the program can access only the files, modes, and POSIX capabilities specified in the profile. These restrictions are in addition to the native Linux access controls.

Example:
To gain the capability CAP_CHOWN, the program must have both access to CAP_CHOWN under conventional Linux access controls (typically, be a root-owned process) and have the capability chown in its profile. Similarly, to be able to write to the file /foo/bar the program must have both the correct user ID and mode bits set

200   Security Guide
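An annotated profile, added here as an illustration and not the guide's own example profile, that uses each component described in the callouts above: a capability entry, path entries with globbing and curly braces, a variable, a link pair rule, an owner conditional rule, a local profile transition (Cx), a named profile transition (Px -> bin_generic), the local profile itself and a hat. The confined program /usr/bin/foo, the file paths, /usr/bin/convert and the hat name handler are assumptions; /usr/bin/foobar and bin_generic are the names the callouts use.

```apparmor
# Constructed example profile for a hypothetical /usr/bin/foo.
#include <tunables/global>

/usr/bin/foo {
  #include <abstractions/base>

  # Capability entry. AppArmor only narrows what DAC already allows: the
  # process still needs CAP_CHOWN under native Linux access control too.
  capability chown,

  # Directory path entry: permission to list /etc/foo/ only.
  /etc/foo/ r,

  # Path entry with globbing. Whitespace before the mode and before the
  # trailing comma is optional.
  /etc/foo/*.conf      r ,

  # Curly braces: one rule for both /dev/random and /dev/urandom.
  /dev/{,u}random r,

  # Variable from tunables/global: @{HOME} expands to the home directory
  # prefixes defined there, so the profile does not hardcode them.
  owner @{HOME}/.foo_state rw,

  # Link pair rule: explicit source and target of a hard link foo may create.
  link /var/lib/foo/state -> /var/lib/foo/state.bak,

  # Owner conditional rule: read and write only on files the user owns.
  owner /var/spool/foo/** rw,

  # Transition to the local (child) profile defined below.
  /usr/bin/foobar Cx,

  # Named profile transition to a profile in the global scope.
  /usr/bin/convert Px -> bin_generic,

  # The local profile for /usr/bin/foobar.
  profile /usr/bin/foobar {
    #include <abstractions/base>
    /etc/foobar.conf r,
    /var/log/foobar* w,
  }

  # A "hat" subprofile entered through ChangeHat while handling a request.
  ^handler {
    #include <abstractions/base>
    /var/spool/foo/** r,
  }
}

# Global-scope profile named by the Px -> bin_generic transition above.
profile bin_generic {
  #include <abstractions/base>
  /usr/bin/convert mr,
}
```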