AppArmor - restrict a directory by default (whitelist)

AdamBuilder

12/13/22, 2:57 PM

I'm looking into AppArmor and from what I have seen, it seems like it allows access to everything by default and only puts access restrictions to application for which a profile has been created.

Is it possible to do opposite? - to deny access to a specific directory by default system wide and only allow access to it if it has been added in an application profile?

Example: You have some documents and you only want the document editor application to be able to access them. You create a profile for the document editor application, but do not have to bother blocking other apps from accessing it because it's restricted by default.

0 + 0

permissions

apparmor

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: AppArmor - restrict a directory by default (whitelist)

TH: AppArmor - จำกัดไดเร็กทอรีตามค่าเริ่มต้น (รายการที่อนุญาต)

RO: AppArmor - restricționează un director în mod implicit (listă albă)

RU: AppArmor — ограничить каталог по умолчанию (белый список)

VI: AppArmor - hạn chế một thư mục theo mặc định (danh sách trắng)

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.