User
’
s
Gui
de
64
path is modified while retaining the filename extension. With one
click, /etc/apache2/file.ext becomes /etc/apache2/*.ext, adding the
wildcard (asterisk) in place of the file name. This will allow the pro-
gram to access all files in the suggested directory that end with the
".ext" extension. When you select it twice, access will be granted to
all files (with the particular extension) and subdirectories beneath
the one shown.
•
"E"dit:
Select
Edit
to edit the highlighted line. The new line will
appear at the bottom of the list.
•
Abo"r"t:
Aborts
logprof
, dumping all rule changes entered so
far and leaving all profiles unmodified.
•
"F"inish
: Closes
logprof
, saving all rule changes entered so far
and modifying all profiles.
Logprof Example 2
In an example from profiling
vsftpd
, we see this question:
Several items of interest appear in this question. First, note that
vsftpd
is asking for a path entry at the top of the tree, even though
vsftpd
by default on SuSE LINUX Enterprise Server 9 serves FTP
files from
/srv/ftp
. This is because
httpd2-prefork
uses
chroot
, and for the portion of the code inside the
chroot
jail, Novell
AppArmor sees file accesses in terms of the
chroot
environment,
rather than the global absolute path.
The second item of interest is that we may want to grant FTP read
access to
all
of the JPEG files in the directory, and so we could use the
Glob w/"E"xt
and use the suggested path of "
/*.jpg
”
.
Doi
ng
so
wi
l
l
collapse all previous rules granting access to individual .jpg files, and
forestall any future questions pertaining to access to .jpg files.
Profile:
/usr/sbin/
vsftpd
Path:
/y2k.jpg
New Mode: r
[1 - /y2k.jpg]
(A)llow / [(D)eny] / (N)ew / (G)lob / Glob w/(E)xt / Abo(r)t
/ (F)inish
