mk-fg / apparmor-profiles Goto Github PK

View Code? Open in Web Editor NEW

66.0 8.0 17.0 232 KB

My local AppArmor profiles for apps that can use those

Shell 38.54% Python 61.46%

apparmor-profile security sandboxing linux desktop lsm

apparmor-profiles's People

Contributors

Stargazers

Watchers

Forkers

kerneloftruth jacobzimmermann runephilosof zielmicha elinvention timofonic-sandboxing fabriziobonavita evgeniyblinov mlaradji dnbrakk shoulderhu bellyfat bbhtt gazorby roijo syllogy

apparmor-profiles's Issues

Upwork crashes in enforce mode

Upwork 5.0.0.319 crashes with usr.bin.upwork profile in enforce mode. Could You fix please? Thanks!

Contributing Workflow

Hey,

I just found this project and I think it is an amazing idea! I had the same whilst wondering why there is no really centralized apparmor profiles repository.

Would it make sense to merge in the apparmor-profiles from Ubuntu here?
Many of them are just stub files and I think fixing them would be pretty important:

http://bazaar.launchpad.net/~apparmor-dev/apparmor-profiles/master/files/head:/ubuntu/14.04/

Steam home access

apparmor-profiles/profiles/usr.bin.steam

Line 20 in 4f0c5af

owner @{HOME}/** rwkmixl,

I think Steam should not have full access to home dir - only the his config dir

steam apparmor profile unable to enforce

I use lubuntu 14.04 64Bit and I can not use this profile.

any hints?

thanks

sudo aa-enforce /etc/apparmor.d/usr.bin.steam 
Traceback (most recent call last):
  File "/usr/sbin/aa-enforce", line 30, in <module>
    tool.cmd_enforce()
  File "/usr/lib/python3/dist-packages/apparmor/tools.py", line 139, in cmd_enforce
    apparmor.read_profiles()
  File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2594, in read_profiles
    read_profile(profile_dir + '/' + file, True)
  File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2620, in read_profile
    profile_data = parse_profile_data(data, file, 0)
  File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2961, in parse_profile_data
    load_include(include_name)
  File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 4464, in load_include
    raise AppArmorException("Include file %s not found" % (profile_dir + '/' + incfile) )
apparmor.common.AppArmorException: 'Include file /etc/apparmor.d/abstractions/site/base not found'
$ sudo rm usr.bin.steam 
$ sudo aa-enforce /etc/apparmor.d/*
Profile for /etc/apparmor.d/abstractions not found, skipping
Profile for /etc/apparmor.d/apache2.d not found, skipping
Setting /etc/apparmor.d/bin.ping to enforce mode.
Profile for /etc/apparmor.d/cache not found, skipping
Profile for /etc/apparmor.d/disable not found, skipping
Profile for /etc/apparmor.d/force-complain not found, skipping
Setting /etc/apparmor.d/lightdm-guest-session to enforce mode.
Profile for /etc/apparmor.d/local not found, skipping
Profile for /etc/apparmor.d/program-chunks not found, skipping
Setting /etc/apparmor.d/sbin.dhclient to enforce mode.
Setting /etc/apparmor.d/sbin.klogd to enforce mode.
Setting /etc/apparmor.d/sbin.syslogd to enforce mode.
Setting /etc/apparmor.d/sbin.syslog-ng to enforce mode.
Profile for /etc/apparmor.d/tunables not found, skipping
Setting /etc/apparmor.d/usr.bin.chromium-browser to enforce mode.
Setting /etc/apparmor.d/usr.bin.evince to enforce mode.
Setting /etc/apparmor.d/usr.bin.firefox to enforce mode.
Profile for /etc/apparmor.d/usr.bin.firefox.dpkg-old not found, skipping
Setting /etc/apparmor.d/usr.lib.dovecot.deliver to enforce mode.
Setting /etc/apparmor.d/usr.lib.dovecot.dovecot-auth to enforce mode.
Setting /etc/apparmor.d/usr.lib.dovecot.imap to enforce mode.
Setting /etc/apparmor.d/usr.lib.dovecot.imap-login to enforce mode.
Setting /etc/apparmor.d/usr.lib.dovecot.managesieve-login to enforce mode.
Setting /etc/apparmor.d/usr.lib.dovecot.pop3 to enforce mode.
Setting /etc/apparmor.d/usr.lib.dovecot.pop3-login to enforce mode.
Setting /etc/apparmor.d/usr.sbin.avahi-daemon to enforce mode.
Setting /etc/apparmor.d/usr.sbin.cupsd to enforce mode.
Setting /etc/apparmor.d/usr.sbin.dnsmasq to enforce mode.
Setting /etc/apparmor.d/usr.sbin.dovecot to enforce mode.
Setting /etc/apparmor.d/usr.sbin.identd to enforce mode.
Setting /etc/apparmor.d/usr.sbin.mdnsd to enforce mode.
Setting /etc/apparmor.d/usr.sbin.nmbd to enforce mode.
Setting /etc/apparmor.d/usr.sbin.nscd to enforce mode.
Setting /etc/apparmor.d/usr.sbin.ntpd to enforce mode.
Setting /etc/apparmor.d/usr.sbin.rsyslogd to enforce mode.
Setting /etc/apparmor.d/usr.sbin.smbd to enforce mode.
Setting /etc/apparmor.d/usr.sbin.tcpdump to enforce mode.
Setting /etc/apparmor.d/usr.sbin.traceroute to enforce mode.
$ dpkg -l | grep apparmor
ii  apparmor                              2.8.95~2430-0ubuntu5.2                  amd64        User-space parser utility for AppArmor
ii  apparmor-profiles                     2.8.95~2430-0ubuntu5.2                  all          Profiles for AppArmor Security policies
ii  apparmor-utils                        2.8.95~2430-0ubuntu5.2                  amd64        Utilities for controlling AppArmor
ii  libapparmor-perl                      2.8.95~2430-0ubuntu5.2                  amd64        AppArmor library Perl bindings
ii  libapparmor1:amd64                    2.8.95~2430-0ubuntu5.2                  amd64        changehat AppArmor library
ii  python3-apparmor                      2.8.95~2430-0ubuntu5.2                  amd64        AppArmor Python3 utility library
ii  python3-libapparmor                   2.8.95~2430-0ubuntu5.2                  amd64        AppArmor library Python3 bindings

Your steam profile confines the steam executable located in /usr/bin/steam. I'm using Debian and I'm a bit confused where to look for the actual executable. I tried to name it usr.games.steam, but when I started steam, with aa-status I saw that the profile was in enforce mode, but not the process.

It seems that the actual steam binary is located in ~/.steam/ubuntu12_32/steam. Should I change the profile to match that?

Thank you.

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.

Jobs

Jooble