As the append permission is just a subset of the permissions associated with the write
mode, the w and a permission flags cannot be used together and are mutually exclusive.
21.7.4 File Locking Mode (k)
The application can take file locks. Former versions of AppArmor allowed files to be
locked if an application had access to them. By using a separate file locking mode,
AppArmor makes sure locking is restricted only to those files which need file locking
and tightens security as locking can be used in several denial of service attack scenarios.
21.7.5 Link Mode (l)
The link mode mediates access to hard links. When a link is created, the target file must
have the same access permissions as the link created (with the exception that the
destination does not need link access).
21.7.6 Link Pair
The link mode grants permission to create links to arbitrary files, provided the link has
a subset of the permissions granted by the target (subset permission test). By specifying
origin and destination, the link pair rule provides greater control over how hard links
are created. Link pair rules by default do not enforce the link subset permission test
that the standard link permission rules require. To force the rule to require the test,
the subset keyword is used. The following rules are equivalent:
/link l,
link subset /link -> /**,
NOTE
Currently link pair rules are not supported by YaST and the command line tools.
Manually edit your profiles to use them. Updating such profiles using the tools
is safe, because the link pair entries will not be touched.
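The subset permission test and the difference between standard link rules and link pair rules can be modeled in a few lines. This is an added example, not part of the original guide and not AppArmor's own matcher: the globbing, the union of permissions across matching rules, and all paths are simplifying assumptions constructed for illustration.

```python
import re

def matches(glob, path):
    # Simplified AppArmor globbing: '**' crosses '/', '*' stays in one component.
    parts = re.split(r"(\*\*|\*)", glob)
    rx = "".join(".*" if p == "**" else "[^/]*" if p == "*" else re.escape(p)
                 for p in parts)
    return re.fullmatch(rx, path) is not None

def perms(file_rules, path):
    # Assumed model: a path receives the union of the modes of all matching rules.
    granted = set()
    for glob, modes in file_rules:
        if matches(glob, path):
            granted |= set(modes)
    return granted

def subset_test(file_rules, link, target):
    # The link may not carry permissions the target lacks; 'l' itself is
    # exempt because the destination does not need link access.
    return perms(file_rules, link) - {"l"} <= perms(file_rules, target)

def standard_link_ok(file_rules, link, target):
    # '/path l,' style rule: link permission plus the mandatory subset test.
    return "l" in perms(file_rules, link) and subset_test(file_rules, link, target)

def pair_link_ok(file_rules, pair, link, target):
    # pair = (link_glob, target_glob, subset) models 'link [subset] A -> B,'.
    link_glob, target_glob, subset = pair
    if not (matches(link_glob, link) and matches(target_glob, target)):
        return False
    return subset_test(file_rules, link, target) if subset else True

# Constructed sample profile rules (hypothetical paths).
BASE = [("/srv/spool/out/*", "rw"), ("/srv/spool/in/*", "rw"), ("/etc/app.conf", "r")]
STANDARD = BASE + [("/srv/spool/out/*", "l")]
PAIR_SUBSET = ("/srv/spool/out/*", "/**", True)
PAIR_LOOSE = ("/srv/spool/out/*", "/**", False)
PAIR_NARROW = ("/srv/spool/out/*", "/srv/spool/in/*", False)

if __name__ == "__main__":
    link = "/srv/spool/out/job1"
    for target in ("/srv/spool/in/job1", "/etc/app.conf"):
        print(target, standard_link_ok(STANDARD, link, target),
              pair_link_ok(BASE, PAIR_SUBSET, link, target),
              pair_link_ok(BASE, PAIR_LOOSE, link, target),
              pair_link_ok(BASE, PAIR_NARROW, link, target))
```

In this model the pair rule without subset accepts a link from the writable spool directory to the read-only /etc/app.conf, while the subset keyword or a narrower target pattern rejects it.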
SUSE Linux Enterprise Server 11 Security Guide, March 17, 2009 (www.novell.com)