On 2021-03-30, Christian Boltz wrote:
> However, you carefully avoided the correct path ;-) - you'll need
> /var/cache/fontconfig/ w,
FML, that slipped my mind. Thanks for the pointer!
In case anyone's interested what happened:
Apparently, the first Electron-App to start after something
On 3/30/21 11:11 AM, Murali Selvaraj wrote:
> Hi All,
>
> We are planning to use "Apparmor profiles" as part of Security reasons.
> -> Assume, we have finalized a profile for a certain process after
> experiment in our setup/QA validation.
> -> Next day, there is a possibility of any code merging
On Tue, Mar 30, 2021 at 11:41:25PM +0530, Murali Selvaraj wrote:
> -> As we know that code has been merged/updated continuously (day to
> day) on the particular process, Do we have any mechanism to ensure how
> the Apparmor profile aligns with the latest process/image?
Be sure your continuous
Hello,
Am Dienstag, 30. März 2021, 22:28:00 CEST schrieb Jonas Große Sundrup:
> type=1400 audit(1617134745.962:4981): apparmor="DENIED"
> operation="chmod" profile="/usr/lib/signal-desktop/signal-desktop"
> name="/var/cache/fontconfig/" pid=246265 comm="signal-desktop"
> requested_mask="w"
On 3/30/21 10:54 AM, Murali Selvaraj wrote:
> Hi All,
>
> As per my understanding with the help of Apparmor profile we are
> restricting the access to the process in terms of
> its resources/namespaces.
>
> It looks similar to hardening where we are restricting the resources to
> process.
>
Hi,
my dmesg shows me the following output:
type=1400 audit(1617134745.962:4981): apparmor="DENIED"
operation="chmod" profile="/usr/lib/signal-desktop/signal-desktop"
name="/var/cache/fontconfig/" pid=246265 comm="signal-desktop"
requested_mask="w" denied_mask="w" fsuid=1000 ouid=0
What would
Hi All,
We are planning to use "Apparmor profiles" as part of Security reasons.
-> Assume, we have finalized a profile for a certain process after
experiment in our setup/QA validation.
-> Next day, there is a possibility of any code merging where this
entry won't be available in the existing (2)
Hi All,
As per my understanding with the help of Apparmor profile we are
restricting the access to the process in terms of
its resources/namespaces.
It looks similar to hardening where we are restricting the resources to process.
Does it mean, technically Hardening and Apparmor profiles look