
I want an AppArmor profile which denies a binary access to all files except .so files/libraries and specific directories which it needs access to.

```
#include <tunables/global>

/home/test/rust-api/target/debug/python-executor flags=(complain) {
  # deny all outgoing network requests.
  deny network inet,
  deny network inet6,
  deny network tcp,
  deny network udp,

  # deny writing and executing all files.
  deny /** rwkx,

  # allow .so files.
  allow /**.so*

  # allow files for smem and unixsockets.
  allow /home/test/rust-api/tmp/** rwk,
  allow /home/test/rust-api/tmp/sockets/** rwk,

  # allow reading python scripts in trading_algos.
  allow /home/test/rust-api/trading_algos/** r,
}
```

I thought I could just do deny /** rwkx to deny all files and later specify what files to allow. But AppArmor still denies access to all files.
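The behaviour described in the question follows from AppArmor's rule precedence: a deny rule always wins over an allow rule, regardless of the order they appear in, and deny rules are enforced even under flags=(complain). The profile below is an added example, not part of the original post, that drops the blanket deny and relies on enforce mode refusing anything that is not allowed. The `mr` permissions on the .so rule, the rule for the binary's own path and the narrow deny on the tmp tree are assumptions about the intended policy.

```apparmor
# Added example (not the asker's profile): allowlist without a blanket deny.
#include <tunables/global>

# No flags=(complain): the allowlist only confines the process in enforce
# mode, where every access without a matching allow rule is refused.
/home/test/rust-api/target/debug/python-executor {
  # Explicit network denies are kept from the question. "inet" and "inet6"
  # cover all IPv4 and IPv6 sockets, so separate tcp/udp denies are not needed.
  deny network inet,
  deny network inet6,

  # Assumption: the binary has to read and map its own image.
  /home/test/rust-api/target/debug/python-executor mr,

  # Shared libraries anywhere on the filesystem: read and map executable.
  # (Assumed permissions; the rule in the question had none.)
  /**.so* mr,

  # Shared memory and unix socket files. tmp/sockets/** is already matched
  # by this pattern, so one rule is enough.
  /home/test/rust-api/tmp/** rwk,

  # Python scripts, read-only.
  /home/test/rust-api/trading_algos/** r,

  # A deny is still the right tool for carving a narrow exception out of a
  # broader allow. Assumed hardening: the tmp tree is writable and /**.so*
  # would otherwise let a file written there be mapped executable.
  deny /home/test/rust-api/tmp/** m,
}
```

While developing the allowlist, running the profile in complain mode without any deny rules logs what the program touches; once the allow rules are complete, switch to enforce mode.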
