On 25 October 2017 at 23:03, harshad wadkar <harshad.wad...@gmail.com> wrote: > My information : > Name : Harshad Wadkar > Student : PhD student > Area of Interest : Browser security, Operating system security. > > Sir, > > I am trying to solve a problem wherein I would like to give (read, write) > access to file X, if it is accessed by only application Y and again if the > application Y is invoked by root user. > > I have gone through the documentation of Apparmor, seccomp etc. But not able > to find solution to the problem I am trying to solve. > > If you can suggest me a tool or api or library that will help me to solve my > problem, it will be great.
You could set the file ownership to root and chmod it 600. Then use selinux to patch the context of the file and the application so that the file can only be opened by that application. I don't know how to do the latter off the top of my head but there should be howtos out there for it. Siddhesh -- https://siddhesh.in _______________________________________________ plug-mail mailing list plug-mail@plug.org.in http://list.plug.org.in/listinfo/plug-mail
