Perhaps I missed something, but I installed and enabled AppArmor and the audit service. When I navigate to the folder where I want to create a profile and run `sudo aa-genprof ./launcher`, execute the launcher file and after a while close it, hit scan of the aa-genprof and finish the profile, the profile file ends up empty. As far as I understand, if the profile is empty, it will grant all the access the application needs.
Also, how do I know what to allow and what permission to set?
In the majority of cases you must give permission to read some binary in /bin or /usr/bin, but the easiest way is to try to execute the program (after using aa-genprof on this program) and afterwards use
sudo aa-logprof
which will use the logs to ask you about some permissions. These permissions will be added to the binary's profile, and if needed you can use "sudo aa-logprof" multiple times.
OBS: Sorry for my English
Last edited by messyah (2024-11-24 13:45:46)
> Perhaps I missed something, but I installed and enabled AppArmor and the audit service. When I navigate to the folder where I want to create a profile and run `sudo aa-genprof ./launcher`,

I seriously doubt that creating a profile this way would work. man aa-genprof says:

> When running aa-genprof, you must specify a program to profile. If the specified program is not a fully-qualified path, aa-genprof will search $PATH in order to find the program.

If launcher is in your $PATH you should simply execute
sudo aa-genprof launcher
and aa-genprof will find it. If it's not in your $PATH you must use the full path to the executable as the argument, like:
sudo aa-genprof /home/allesandro/launcher
or whatever.
Besides, I suggest that you create the new profile rather by using aa-autodep as experience tells that aa-genprof puts the profile too fast into enforce mode making it more difficult to find the necessary rules. aa-autodep leaves the profile in complain mode until you explicitly change it to enforce mode (after aa-logprof doesn't show any errors any more). This is usually the better approach for new profiles.
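
On the question of how to know what to allow: the following is an added example, not part of the thread and not AppArmor's own code. It summarizes the kind of audit records aa-logprof reads into the accesses each profile triggered. The sample log lines, paths and the `/home/user/launcher` profile name are constructed, and the field layout follows the usual AppArmor audit record format.

```python
import re
from collections import defaultdict

# Constructed audit lines for illustration; paths, pids and ids are made up.
SAMPLE_LOG = """\
type=AVC msg=audit(1732455000.101:210): apparmor="ALLOWED" operation="open" profile="/home/user/launcher" name="/usr/lib/libexample.so" pid=4242 comm="launcher" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
type=AVC msg=audit(1732455000.150:211): apparmor="ALLOWED" operation="mknod" profile="/home/user/launcher" name="/home/user/.cache/launcher/state" pid=4242 comm="launcher" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
type=AVC msg=audit(1732455000.151:212): apparmor="ALLOWED" operation="open" profile="/home/user/launcher" name="/home/user/.cache/launcher/state" pid=4242 comm="launcher" requested_mask="wrc" denied_mask="wrc" fsuid=1000 ouid=1000
type=AVC msg=audit(1732455001.009:213): apparmor="DENIED" operation="exec" profile="/home/user/launcher" name="/usr/bin/xdg-open" pid=4243 comm="launcher" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
type=SYSCALL msg=audit(1732455001.010:214): arch=c000003e syscall=59 success=no
"""

KV = re.compile(r'(\w+)="([^"]*)"')   # quoted key="value" fields only
FOLD = {"c": "w", "d": "w"}            # create/delete are covered by 'w' in a profile rule
ORDER = "rwaxmkl"                      # output order; other mask letters are ignored here

def events(log_text):
    """Yield field dicts for AppArmor file events (ALLOWED = complain, DENIED = enforce)."""
    for line in log_text.splitlines():
        ev = dict(KV.findall(line))
        if ev.get("apparmor") in ("ALLOWED", "DENIED") and {"profile", "name", "denied_mask"} <= ev.keys():
            yield ev

def summarize(log_text):
    """Return {profile: {path: merged permission letters}}."""
    seen = defaultdict(lambda: defaultdict(set))
    for ev in events(log_text):
        seen[ev["profile"]][ev["name"]].update(FOLD.get(c, c) for c in ev["denied_mask"])
    out = {}
    for prof, paths in seen.items():
        out[prof] = {}
        for path, perms in sorted(paths.items()):
            if "w" in perms:
                perms.discard("a")      # 'w' already includes append
            out[prof][path] = "".join(c for c in ORDER if c in perms)
    return out

def denied(log_text):
    """(profile, path) pairs that an enforcing profile actually blocked."""
    return [(e["profile"], e["name"]) for e in events(log_text) if e["apparmor"] == "DENIED"]

if __name__ == "__main__":
    for prof, paths in summarize(SAMPLE_LOG).items():
        print(prof)
        for path, perms in paths.items():
            # 'x' still needs an exec qualifier (ix, Px, ...) when written as a rule
            print(f"  {path} {perms}")
    print("blocked:", denied(SAMPLE_LOG))
```

An empty result for a profile after exercising the program means no events were logged for it, which is worth checking before assuming the profile needs no rules.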