Profile creation and answer to few types of questions.
Hi. I have a one short question about creating a profile for application. Let say, that I want create a profile for 'audacious'. During creation ('aa-genprof'), system will ask some questions - questions that I must answer to add the resource or program to the profile and AppArmor suggesting directory path entries etc,. Should I answer 'yes' to all? I read in some guide (nothing related to Ubuntu or OpenSuse documentation for AppArmor), that I need to answer 'yes'. It's very difficult.
Best regards.
Question information
- Language:
- English Edit question
- Status:
- Answered
- For:
- Ubuntu apparmor Edit question
- Assignee:
- No assignee Edit question
- Last query:
- 2013-04-13
- Last reply:
- 2018-04-28
If you copy the config file from your home folder to /etc/skel it will be set each time a new user is made. You may want to review the config before copying
daniel CURTIS (anoda) said : | #2 |
Hi Andrew. Okay, but what should I do with these questions? Answer 'yes' or 'no'? For me, it seems, that system asking about files, directories, which are needed to run application propelly. So, I should answer 'yes'. But I'm not sure.
A. Denton (aquina) said : | #3 |
The process is not trivial and requires a profound understanding of AppArmor and the "normal" behavior of the application in question. Generally speaking aa-genprof is just a start and answering "yes" to all questions may(!) not be desired. Other than that a manual optimization of generated AppArmor profiles is always recommended at all times, since kernel capabilities may not be required although detected or access permissions on files/directories are too generic or too specific and thus subject to optimization. You are thus recommended to read up a bit more on AppArmor.
Can you help with this problem?
Provide an answer of your own, or ask daniel CURTIS for more information if necessary.