On 3/26/21 3:17 AM, Jacek wrote:
> Thanks
>
> A little test:
>
> # G1 Gentuś ### Fri Mar 26 11:10:44 localhost : /home/duch
>
> # root ~> tail /etc/apparmor.d/bin.ping
> network netlink raw,
> network unix stream,
>
> signal receive set=cont peer=unconfined,
> signal receive set=term peer=unconfined,
>
> hide w /bin/ping,
> ### mrix,
> kill w /bin/ping6,
> }
>
> # G1 Gentuś ### Fri Mar 26 11:10:57 localhost : /home/duch
>
> # root ~> apparmor_parser -r /etc/apparmor.d/bin.ping
> AppArmor parser error for /etc/apparmor.d/bin.ping in profile
> /etc/apparmor.d/bin.ping at line 34: missing an end of line character?
> (entry: hide)
>
>
> Can I request a more precise example of the syntax for this entry?
>

Sorry, I should have clarified. The extended perm work has not landed yet; it is landing soon, so it is not available yet.

> ;)
>
> Cheers
>
>
> On 26.03.2021 at 09:57, John Johansen wrote:
>> it helps sometimes, but is very much still an error code and dependent on
>> how the application is handling returned errors. With that said hiding via
>> returning ENOENT instead of EACCES is part of the extended perm work that
>> should be landing upstream over the next cycle or two. Eg.
>>
>> hide w /foo/bar,
>>
>> This of course doesn't stop an application from being able to discover
>> something isn't right, eg. if you give directory read access the dir listing
>> will show the entry that is being hidden, this as you said is more about
>> trying not to break certain applications.
>>
>> The other option you have is the heavy hammer of killing the task instead.
>> Currently that is limited to a profile flag but the extended perm work will
>> make that possible to specify at the rule level.
>>
>> kill w /etc/password,
>

--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor