On 1/11/20 2:40 AM, [email protected] wrote: > Citát Sylvain Leroux <[email protected]>: > >> Thanks azur, >> >> On 11/01/2020 08:25, [email protected] wrote: >>> just put this in /etc/apparmor.d/local/usr.bin.thunderbird : >>> owner @{HOME}/.signature.d/** r, >> >> >> My issue is I don't want to change the system configuration. > > > This isnt' possible. That file is used to local changes only and won't be > replaced with updates. > > > >> I would like to grant the extra permission *only* for the user that needs >> it. > > So do this: > > owner /home/specific_user/.signature.d/** r, >
this is your best bet atm, you can do it without modifying the profile by adding a site specific rule if you are using any somewhat modern version of the profile. You can check by looking for the following rule # Site-specific additions and overrides. See local/README for details. #include <local/usr.bin.thunderbird> you can drop the above rule owner /home/specific_user/.signature.d/** r, into the /etc/apparmor.d/local/usr.bin.thunderbird file (if it doesn't exist just create it) and this will give you your site specific rule without having to modify the profile. See my other mail for a different more involved way to do it. -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
