I'm trying to create an AppArmor profile using aa-genprof. Unfortunately it seems not to work as expected:
# aa-genprof /home/user/somescript
...
[(S)can system log for AppArmor events] / (F)inish
Reading log entries from /var/log/audit/audit.log.
Updating AppArmor profiles in /etc/apparmor.d.
Profiling: /home/user/somescript
[(S)can system log for AppArmor events] / (F)inish
Reloaded AppArmor profiles in enforce mode.
...
The profile then looks like this:
# Last Modified: Mon Aug 3 12:40:55 2015
#include <tunables/global>
/home/user/somescript flags=(complain) {
#include <abstractions/base>
#include <abstractions/bash>
/home/user/somescript r,
/usr/bin/bash ix,
}
The entries in /var/log/audit/audit.log look valid though and I verified that there is no /var/log/messages. Because I found a similar issue regarding this file, which was solved by changing the parser's regular expression inside /usr/lib/python3.4/site-packages/apparmor/logparser.py, I checked the regex for audit.log and verified that it is correct and matches the lines in the log file.
While reading the code, I realized that there is some useful-looking debug logging implemented:
...
self.debug_logger.info('parse_event: %s' % msg)
...
What could be the problem with aa-genprof and/or, additionally, how can I enable this debug output? Where is it stored? I changed /etc/apparmor/parser.conf to
## Be verbose
verbose
but that didn't help so far.
Thank you!
Last edited by tuttiarch (2015-08-05 07:18:32)
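One way to cross-check what the log holds for the profile in question, as an added example that is not part of the original post and is not aa-genprof's own parser: it pulls the AppArmor records out of audit.log-style lines and lists the paths and requested masks seen under one profile. The sample lines, the regular expressions and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# key="quoted value" or key=bare_value pairs as they appear in audit records
PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
# Fields the audit subsystem hex-encodes when they contain spaces or quotes
HEX_FIELDS = {"name", "profile", "comm"}
HEX_VALUE = re.compile(r"(?:[0-9A-Fa-f]{2})+")

def parse_record(line):
    """Return the key/value fields of one AppArmor audit record, or None."""
    if "apparmor=" not in line:
        return None
    fields = {}
    for key, raw in PAIR.findall(line):
        if raw.startswith('"'):
            fields[key] = raw[1:-1]
        elif key in HEX_FIELDS and HEX_VALUE.fullmatch(raw):
            fields[key] = bytes.fromhex(raw).decode("utf-8", "replace")
        else:
            fields[key] = raw
    return fields

def accesses_for(lines, profile):
    """Map each path touched under `profile` to the set of requested masks."""
    seen = defaultdict(set)
    for line in lines:
        rec = parse_record(line)
        if rec and rec.get("profile") == profile and "name" in rec:
            seen[rec["name"]].add(rec.get("requested_mask", "?"))
    return dict(seen)

# Constructed sample records (not taken from the poster's system)
P = "/home/user/somescript"
HEXNAME = "/home/user/my file".encode().hex().upper()  # path with a space
SAMPLE = [
    f'type=AVC msg=audit(1438598455.101:41): apparmor="ALLOWED" operation="open" profile="{P}" name="/etc/passwd" pid=900 comm="somescript" requested_mask="r" denied_mask="r"',
    f'type=AVC msg=audit(1438598455.102:42): apparmor="ALLOWED" operation="exec" profile="{P}" name="/usr/bin/cat" pid=901 comm="somescript" requested_mask="x" denied_mask="x"',
    f'type=AVC msg=audit(1438598455.103:43): apparmor="ALLOWED" operation="open" profile="{P}" name={HEXNAME} pid=901 comm="cat" requested_mask="w" denied_mask="w"',
    'type=AVC msg=audit(1438598455.104:44): apparmor="DENIED" operation="open" profile="/usr/bin/other" name="/etc/shadow" pid=77 comm="other" requested_mask="r" denied_mask="r"',
    'type=SYSCALL msg=audit(1438598455.105:45): arch=c000003e syscall=2 success=yes pid=77 comm="other"',
]

if __name__ == "__main__":
    for path, masks in sorted(accesses_for(SAMPLE, P).items()):
        print(f"{path} {''.join(sorted(masks))}")
```

Records logged under the profile but absent from the generated profile narrow the problem to the log-reading step rather than to missing events.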