AppArmor file permission 'append' denies file creation
All this work is being done on an up-to-date 14.04 server running apparmor{
While trying to sort out the appropriate AppArmor bits to control logging, I'm seeing the file permission 'append' deny create access to a file, where I would have expected this to not be denied. It also denies 'file_perm', but it's unclear if this would be expected to work. I can fix the situation by updating the profile to use the 'write' permission instead of 'append', but this is less than ideal.
http://
In addition, http://
From https:/
However, in writing up a simple test program in Go, I'm seeing AppArmor deny create permissions where 'append' is allowed.
The Go code:
-----
func main() {
logFile, err = os.OpenFile(
n, err := logFile.
if err != nil {
}
}
-----
The AppArmor profile:
-----
#include <tunables/global>
/opt/test/bin/test {
#include <abstractions/base>
/opt/
}
-----
When set to enforce, the program spits out an error:
-----
% /opt/test/bin/test
0 invalid argument
%
-----
And AppArmor logs the DENIED message:
-----
kernel: [ 5687.957758] type=1400 audit(140474368
-----
When set to complain, the program works as expected (as expected):
-----
% /opt/test/bin/test
%
-----
And AppArmor logs three calls with which it has an issue:
-----
kernel: [ 5949.505626] type=1400 audit(140474394
kernel: [ 5949.505643] type=1400 audit(140474394
kernel: [ 5949.505758] type=1400 audit(140474394
-----
I'm not sure what's going on with the 'file_perm' stuff either -- I thought that would have required 'chmod', but that doesn't appear to be the case.
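A log triage helper for the kind of DENIED/ALLOWED audit lines shown above, added here as an example and not part of the original question or of AppArmor itself. It parses AppArmor audit lines and unions the denied mask letters per file path; the sample lines, the /path/to/example.log name and the mask values are constructed placeholders.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample in the kernel audit format AppArmor logs to; path, pid and
// mask values are placeholders, not the (truncated) log lines from the post.
const sampleLog = `kernel: [ 100.000001] type=1400 audit(1400000000.001:10): apparmor="DENIED" operation="open" profile="/opt/test/bin/test" name="/path/to/example.log" pid=1000 comm="test" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
kernel: [ 200.000001] type=1400 audit(1400000100.001:11): apparmor="ALLOWED" operation="file_perm" profile="/opt/test/bin/test" name="/path/to/example.log" pid=1001 comm="test" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
kernel: [ 200.000002] usb 1-1: new high-speed USB device`
var kv = regexp.MustCompile(`(\w+)="([^"]*)"`)

// Denial keeps the fields that show which permission a profile rule lacks.
type Denial struct{ Verdict, Operation, Profile, Name, Requested, Denied string }

// ParseDenials returns DENIED (enforce) and ALLOWED (complain) AppArmor events.
func ParseDenials(log string) []Denial {
	var out []Denial
	for _, line := range strings.Split(log, "\n") {
		if !strings.Contains(line, "apparmor=") {
			continue // not an AppArmor audit record
		}
		f := map[string]string{}
		for _, m := range kv.FindAllStringSubmatch(line, -1) {
			f[m[1]] = m[2]
		}
		out = append(out, Denial{f["apparmor"], f["operation"], f["profile"], f["name"], f["requested_mask"], f["denied_mask"]})
	}
	return out
}

// MissingByPath unions the denied mask letters seen for each file path.
func MissingByPath(ds []Denial) map[string]string {
	out := map[string]string{}
	for _, d := range ds {
		for _, c := range d.Denied {
			if !strings.ContainsRune(out[d.Name], c) {
				out[d.Name] += string(c)
			}
		}
	}
	return out
}

func main() {
	fmt.Println(MissingByPath(ParseDenials(sampleLog)))
}
```

Feeding it the complain-mode lines for a profile shows, per path, every mask letter the rule would need before switching to enforce.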
Question information
- Language: English
- Status: Answered
- For: Ubuntu apparmor
- Assignee: No assignee