What's the difference between these?
deny /abc r,
deny owner /abc r,
I looked around and found this but I don't understand what it means.

Does it mean the owner is exempt from the rule?
Basically the opposite actually. The "owner" keyword means the rule only applies to the file (or directory/socket/device) owner. If you have /abc owned by user1, then the rule denies read access to only user1. Other users may be denied access via other means (like UNIX permissions or ACLs) but the AppArmor rule is what blocks user1.

Why one would want to use "deny owner" I'm not too sure, but I'm sure if I put some thought into it I'd end up rewriting half my profiles to use it.
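An added example, not part of the original thread and not AppArmor's own code: a simplified Python model of how AppArmor decides a confined process's read of /abc under each of the two rules, where `owner` makes a rule conditional on the process's fsuid matching the file's owner uid. It assumes exact-path matching only (no globbing), an accompanying allow rule `/abc r,`, and constructed uids 1001 (user1, the file owner) and 1002 (user2).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class FileRule:
    path: str            # exact path only; AppArmor globbing is not modelled
    perms: str           # permission letters, e.g. "r" or "rw"
    deny: bool = False
    owner: bool = False  # conditional on process fsuid == file owner uid

def rule_matches(rule, path, perm, fsuid, file_uid):
    if rule.path != path or perm not in rule.perms:
        return False
    # An owner-qualified rule is skipped when the process does not own the file.
    return (not rule.owner) or fsuid == file_uid

def decide(rules, path, perm, fsuid, file_uid):
    """AppArmor-side verdict only; UNIX permissions and ACLs are checked separately."""
    hits = [r for r in rules if rule_matches(r, path, perm, fsuid, file_uid)]
    if any(r.deny for r in hits):
        return "deny"           # an explicit deny overrides any allow
    if hits:
        return "allow"
    return "implicit-deny"      # a confined process gets nothing it was not granted

# Constructed sample: /abc is owned by uid 1001 ("user1"); uid 1002 is "user2".
USER1, USER2 = 1001, 1002
ALLOW = FileRule("/abc", "r")
PLAIN_DENY = [ALLOW, FileRule("/abc", "r", deny=True)]
OWNER_DENY = [ALLOW, FileRule("/abc", "r", deny=True, owner=True)]

def compare():
    """Verdict per rule variant and per user running the confined program."""
    variants = (("deny /abc r,", PLAIN_DENY), ("deny owner /abc r,", OWNER_DENY))
    return {
        name: {uid: decide(rules, "/abc", "r", uid, USER1) for uid in (USER1, USER2)}
        for name, rules in variants
    }

if __name__ == "__main__":
    for rule, verdicts in compare().items():
        print(f"{rule:22} {verdicts}")
```

With the plain `deny`, the read is blocked for both users; with `deny owner`, only the process running as the file's owner is blocked and user2 falls through to the allow rule.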