On 02/19/2015 02:02 PM, Robert Schroll wrote: > On Wed, Feb 18, 2015 at 3:28 PM, Jamie Strandboge <ja...@canonical.com> wrote: >> Hard links are treated as different paths in apparmor so for a file with 2 >> links, you may have rules for both or either to access the file. Once it >> passes >> the LSM (AppArmor) it should behave as you expect (eg, if one app is allowed >> 'w'rite access to one link and the other app is allowed 'w'rite access to the >> other link, both apps may modify the file). > > Thanks. In that case my question becomes, what are the apparmor rules > governing > ~/.cache/<appid>/HubIncoming/? >
$ tail -6 /usr/share/apparmor/easyprof/policygroups/ubuntu/1.2/content_exchange
# LP: #1293771
# Since fd delegation doesn't exist in the form that we need it at this time,
# content-hub will create hard links in ~/.cache/@{APP_PKGNAME}/HubIncoming/
# for volatile data. As such, apps should not have write access to anything in
# this directory otherwise they would be able to change the source content.
deny @{HOME}/.cache/@{APP_PKGNAME}/HubIncoming/** w,
Note: an explict deny rule suppresses the denial in the logs
--
Jamie Strandboge http://www.ubuntu.com/
signature.asc
Description: OpenPGP digital signature
-- Mailing list: https://launchpad.net/~ubuntu-phone Post to : ubuntu-phone@lists.launchpad.net Unsubscribe : https://launchpad.net/~ubuntu-phone More help : https://help.launchpad.net/ListHelp
