Hi, I need some help with Apparmor in Ubuntu 14.04. How exactly do I place a profile in Enforce mode via the Terminal? Ive read a few articles on this, but they all seem a little different and none seem to work so I guess Im doing something wrong. So for example, if I wanted to say place Brasero or another programme in enforce mode, what would be the exact terminal commands? thankyou.
hi lucygrl, sudo aa-enforce /etc/apparmor.d/name-of-profile eg: sudo aa-enforce /etc/apparmor.d/opt.google.chrome and to set to "complain": sudo aa-complain /etc/apparmor.d/opt.google.chrome For Brasero I think it would be: sudo aa-enforce /etc/apparmor.d/usr.bin.brasero ...of course the profile must first exist in the first place.
Thankyou, A couple of things, first, when I tried, sudo aa-enforce /etc/apparmor.d/usr.bin.brasero I got, sudo: aa-enforce: command not found When I type, sudo apparmor_status This is what I get, 9 processes have profiles defined. 6 processes are in enforce mode. /sbin/dhclient (1492) /usr/bin/freshclam (1021) /usr/lib/firefox/firefox{,*[^s][^h]} (2294) /usr/lib/telepathy/mission-control-5 (2186) /usr/sbin/cups-browsed (1014) /usr/sbin/cupsd (2021) 3 processes are in complain mode. /usr/sbin/avahi-daemon (622) /usr/sbin/avahi-daemon (623) /usr/sbin/dnsmasq (1499) So how do I make the profile? I can see Brasero in usr.bin.brasero So how do I get Brasero into /etc/apparmor.d/usr.bin.brasero thankyou.
I'm no expert at all but...maybe you need Apparmor utilities? Try opening a terminal and type: sudo apt-get update ...then follow that with: sudo apt-get install apparmor-utils
