Re: AppArmor Support Thread
Basically the opposite actually. The "owner" keyword means the rule only applies to the file (or directory/socket/device) owner. If you have /abc owned by user1, then the rule denies read access to only user1. Other users may be denied access via other means (like UNIX permissions or ACLs) but the AppArmor rule is what blocks user1.
Originally Posted by rileinc
Why one would want to use "deny owner" I'm not too sure, but I'm sure if I put some thought into it I'd end up rewriting half my profiles to use it
Tags for this Thread