Profile creation and answer to few types of questions.

Asked by daniel CURTIS

Hi. I have one short question about creating a profile for an application. Let's say that I want to create a profile for 'audacious'. During creation ('aa-genprof'), the system will ask some questions - questions that I must answer to add the resource or program to the profile, and AppArmor suggests directory path entries, etc. Should I answer 'yes' to all? I read in some guide (nothing related to the Ubuntu or OpenSuse documentation for AppArmor) that I need to answer 'yes'. It's very difficult.

Best regards.

Question information

Language: English
Status: Answered
For: Ubuntu apparmor
Assignee: No assignee

actionparsnip (andrew-woodhead666) said :
#1

If you copy the config file from your home folder to /etc/skel it will be set each time a new user is made. You may want to review the config before copying.

daniel CURTIS (anoda) said :
#2

Hi Andrew. Okay, but what should I do with these questions? Answer 'yes' or 'no'? To me, it seems that the system is asking about files and directories which are needed to run the application properly. So, I should answer 'yes'. But I'm not sure.

A. Denton (aquina) said :
#3

The process is not trivial and requires a profound understanding of AppArmor and the "normal" behavior of the application in question. Generally speaking aa-genprof is just a start and answering "yes" to all questions may(!) not be desired. Other than that a manual optimization of generated AppArmor profiles is always recommended at all times, since kernel capabilities may not be required although detected or access permissions on files/directories are too generic or too specific and thus subject to optimization. You are thus recommended to read up a bit more on AppArmor.
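
The manual review described in reply #3 can be partly scripted. The following is an added example, not part of the original thread and not an AppArmor tool: a small Python pass over a generated profile that lists the capability rules and the file rules that look too generic or too specific. The sample profile is constructed, and the thresholds (a `**` glob with at most one fixed path component, literal file names under /tmp) are assumed heuristics to adjust for the application being confined.

```python
import re

# Constructed sample: the kind of profile that answering "yes" to every
# aa-genprof prompt could leave behind. Not taken from a real system.
SAMPLE_PROFILE = """\
#include <tunables/global>
/usr/bin/audacious {
  #include <abstractions/base>
  capability sys_admin,
  /usr/bin/audacious mr,
  owner @{HOME}/** rw,
  owner @{HOME}/.config/audacious/** rw,
  /etc/** r,
  /tmp/audacious-cover.jpg w,
}
"""

CAP_RE = re.compile(r"^(?:audit\s+)?capability\s+(\w+)\s*,")
FILE_RE = re.compile(r"^(?:audit\s+)?(?:owner\s+)?(\S+)\s+([rwalkmixpPcCuU]+)\s*,")
GLOB_RE = re.compile(r"[*?\[{]")

def review(profile_text):
    """Return (line_number, kind, note) for each rule worth a manual look."""
    findings = []
    for lineno, raw in enumerate(profile_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", "deny")):
            continue  # comments/includes are skipped here; deny rules grant nothing
        cap = CAP_RE.match(line)
        if cap:
            findings.append((lineno, "capability", f"is {cap.group(1)} really needed?"))
            continue
        rule = FILE_RE.match(line)
        if not rule:
            continue
        path, perms = rule.groups()
        p = re.sub(r"@\{\w+\}", "VAR", path)  # treat @{HOME} as one path component
        fixed = [c for c in GLOB_RE.split(p, maxsplit=1)[0].split("/") if c]
        if "**" in p and len(fixed) <= 1:  # assumed threshold for "too generic"
            findings.append((lineno, "too-generic", f"{path} grants '{perms}' on a whole tree"))
        elif not GLOB_RE.search(p) and p.startswith(("/tmp/", "/var/tmp/")):
            findings.append((lineno, "too-specific", f"{path} may change name between runs"))
    return findings

if __name__ == "__main__":
    for lineno, kind, note in review(SAMPLE_PROFILE):
        print(f"line {lineno}: [{kind}] {note}")
```

Each finding is a prompt for a decision rather than a verdict: the narrower `@{HOME}/.config/audacious/**` rule passes while `@{HOME}/**` is flagged, which is the kind of tightening the reply recommends.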
