From: Goldwyn Rodrigues
If the profile in profles and profile_data are the same, then don't attempt
to attach.
1. mkdir /tmp/apparmor.d/
cp -r /etc/apparmor.d/abstractions /tmp/apparmor.d/
cp -r /etc/apparmor.d/tunables /tmp/apparmor.d/
2. Generate basic profiles for the all executable fi
On Thu, Nov 23, 2017 at 09:33:45AM +, daniel curtis wrote:
> ✗ ERROR: Syntax Error: Unknown line found in file
> /etc/apparmor.d/usr.lib.snapd.snap-confine.real line 15:
> include "/var/lib/snapd/apparmor/snap-confine.d" /etc/ld.so.cache r,
>
> >> So either you're going to be hand-editing your
Hello,
Am Dienstag, 28. November 2017, 19:04:03 CET schrieb Goldwyn Rodrigues:
> From: Goldwyn Rodrigues
>
> If the profile in profles and profile_data are the same, then don't
> attempt to attach.
>
> 1. mkdir /tmp/apparmor.d/
>cp -r /etc/apparmor.d/abstractions /tmp/apparmor.d/
>cp -r
Make it possible to tie Apparmor profiles to the presence of one or more
extended attributes, and optionally their values. An example usecase for
this is to automatically transition to a more privileged Apparmor profile
if an executable has a valid IMA signature, which can then be appraised
by the
Hello Matthew, thanks for this; I'll let John comment on the larger design
of the patch, I'll just nitpick one little piece:
On Tue, Nov 28, 2017 at 04:08:15PM -0800, Matthew Garrett wrote:
> --- a/security/apparmor/include/policy.h
> +++ b/security/apparmor/include/policy.h
> @@ -148,6 +148,12 @@