mk-fg / apparmor-profiles Goto Github PK
View Code? Open in Web Editor NEWMy local AppArmor profiles for apps that can use those
My local AppArmor profiles for apps that can use those
Upwork 5.0.0.319 crashes with usr.bin.upwork profile in enforce mode. Could You fix please? Thanks!
Hey,
I just found this project and I think it is an amazing idea! I had the same whilst wondering why there is no really centralized apparmor profiles repository.
Would it make sense to merge in the apparmor-profiles from Ubuntu here?
Many of them are just stub files and I think fixing them would be pretty important:
http://bazaar.launchpad.net/~apparmor-dev/apparmor-profiles/master/files/head:/ubuntu/14.04/
apparmor-profiles/profiles/usr.bin.steam
Line 20 in 4f0c5af
I use lubuntu 14.04 64Bit and I can not use this profile.
any hints?
thanks
sudo aa-enforce /etc/apparmor.d/usr.bin.steam
Traceback (most recent call last):
File "/usr/sbin/aa-enforce", line 30, in <module>
tool.cmd_enforce()
File "/usr/lib/python3/dist-packages/apparmor/tools.py", line 139, in cmd_enforce
apparmor.read_profiles()
File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2594, in read_profiles
read_profile(profile_dir + '/' + file, True)
File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2620, in read_profile
profile_data = parse_profile_data(data, file, 0)
File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 2961, in parse_profile_data
load_include(include_name)
File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 4464, in load_include
raise AppArmorException("Include file %s not found" % (profile_dir + '/' + incfile) )
apparmor.common.AppArmorException: 'Include file /etc/apparmor.d/abstractions/site/base not found'
$ sudo rm usr.bin.steam
$ sudo aa-enforce /etc/apparmor.d/*
Profile for /etc/apparmor.d/abstractions not found, skipping
Profile for /etc/apparmor.d/apache2.d not found, skipping
Setting /etc/apparmor.d/bin.ping to enforce mode.
Profile for /etc/apparmor.d/cache not found, skipping
Profile for /etc/apparmor.d/disable not found, skipping
Profile for /etc/apparmor.d/force-complain not found, skipping
Setting /etc/apparmor.d/lightdm-guest-session to enforce mode.
Profile for /etc/apparmor.d/local not found, skipping
Profile for /etc/apparmor.d/program-chunks not found, skipping
Setting /etc/apparmor.d/sbin.dhclient to enforce mode.
Setting /etc/apparmor.d/sbin.klogd to enforce mode.
Setting /etc/apparmor.d/sbin.syslogd to enforce mode.
Setting /etc/apparmor.d/sbin.syslog-ng to enforce mode.
Profile for /etc/apparmor.d/tunables not found, skipping
Setting /etc/apparmor.d/usr.bin.chromium-browser to enforce mode.
Setting /etc/apparmor.d/usr.bin.evince to enforce mode.
Setting /etc/apparmor.d/usr.bin.firefox to enforce mode.
Profile for /etc/apparmor.d/usr.bin.firefox.dpkg-old not found, skipping
Setting /etc/apparmor.d/usr.lib.dovecot.deliver to enforce mode.
Setting /etc/apparmor.d/usr.lib.dovecot.dovecot-auth to enforce mode.
Setting /etc/apparmor.d/usr.lib.dovecot.imap to enforce mode.
Setting /etc/apparmor.d/usr.lib.dovecot.imap-login to enforce mode.
Setting /etc/apparmor.d/usr.lib.dovecot.managesieve-login to enforce mode.
Setting /etc/apparmor.d/usr.lib.dovecot.pop3 to enforce mode.
Setting /etc/apparmor.d/usr.lib.dovecot.pop3-login to enforce mode.
Setting /etc/apparmor.d/usr.sbin.avahi-daemon to enforce mode.
Setting /etc/apparmor.d/usr.sbin.cupsd to enforce mode.
Setting /etc/apparmor.d/usr.sbin.dnsmasq to enforce mode.
Setting /etc/apparmor.d/usr.sbin.dovecot to enforce mode.
Setting /etc/apparmor.d/usr.sbin.identd to enforce mode.
Setting /etc/apparmor.d/usr.sbin.mdnsd to enforce mode.
Setting /etc/apparmor.d/usr.sbin.nmbd to enforce mode.
Setting /etc/apparmor.d/usr.sbin.nscd to enforce mode.
Setting /etc/apparmor.d/usr.sbin.ntpd to enforce mode.
Setting /etc/apparmor.d/usr.sbin.rsyslogd to enforce mode.
Setting /etc/apparmor.d/usr.sbin.smbd to enforce mode.
Setting /etc/apparmor.d/usr.sbin.tcpdump to enforce mode.
Setting /etc/apparmor.d/usr.sbin.traceroute to enforce mode.
$ dpkg -l | grep apparmor
ii apparmor 2.8.95~2430-0ubuntu5.2 amd64 User-space parser utility for AppArmor
ii apparmor-profiles 2.8.95~2430-0ubuntu5.2 all Profiles for AppArmor Security policies
ii apparmor-utils 2.8.95~2430-0ubuntu5.2 amd64 Utilities for controlling AppArmor
ii libapparmor-perl 2.8.95~2430-0ubuntu5.2 amd64 AppArmor library Perl bindings
ii libapparmor1:amd64 2.8.95~2430-0ubuntu5.2 amd64 changehat AppArmor library
ii python3-apparmor 2.8.95~2430-0ubuntu5.2 amd64 AppArmor Python3 utility library
ii python3-libapparmor 2.8.95~2430-0ubuntu5.2 amd64 AppArmor library Python3 bindings
Your steam profile confines the steam executable located in /usr/bin/steam
. I'm using Debian and I'm a bit confused where to look for the actual executable. I tried to name it usr.games.steam
, but when I started steam, with aa-status
I saw that the profile was in enforce mode, but not the process.
It seems that the actual steam binary is located in ~/.steam/ubuntu12_32/steam
. Should I change the profile to match that?
Thank you.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.