On 10/20/20 1:58 PM, swarna latha wrote: > Does it mean, we will not be able to get apparmor logs for applications > running in container ? >
Not necessarily, it will depend on how the container is setup. > And container has its own dmesg buffer ? > no, its just a matter of whether the container has access to the dmesg buffer > Are there any ways to use apparmor to generate profile for applications > running in containers ? > yes. If the container has access to the kernel messages you can generate the profile in the container. If it doesn't the host still has access and you can generate a profile on the host and then copy it into the container, or you can copy the log into the container and use aa-logprof to generate a profile from the log file. > Thanks, > Swarna > > On Tue, Oct 20, 2020 at 3:55 PM Simon Deziel <si...@sdeziel.info > <mailto:si...@sdeziel.info>> wrote: > > On 2020-10-20 3:46 p.m., swarna latha wrote: > > Thanks john for the quick reply.. > > > > My kernel version is 4.1.51-1.19 > > > > Tried below logging options, but didnt help. Not able to get logs, what > is > > blocking apparmor to play video. > > echo -n "noquiet" /sys/module/apparmor/parameters/audit > > echo 0> /sys/module/apparmor/parameters/debug > > So far, what I've seen with containers is that dmesg/kernel logs are > only visible from the host's context, not the containers themselves. > > HTH, > Simon > > -- > AppArmor mailing list > AppArmor@lists.ubuntu.com <mailto:AppArmor@lists.ubuntu.com> > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/apparmor > > -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor