AppArmor on Bodhi Linux 1.4.0

Discussion in 'all things UNIX' started by Gullible Jones, Apr 18, 2012.

Thread Status:
Not open for further replies.
  1. Seems to have some serious problems!
    - I have to disable the profile for dhclient3 or NetworkManager can't connect
    - I have to disable the profile for Firefox, or the browser (version 11.0) isn't allowed internet access

    How can I remedy this? Are the default profiles defective or outdated? Should I just attempt to create new profiles?

    Edit: have to hand it to the devs though, this thing is awesome. Kind of like Geswall, only on radioactive steroids.
     
    Last edited by a moderator: Apr 18, 2012
  2. Hungry Man (Registered Member, joined May 11, 2011, 9,148 posts)

    Put the profiles in complain mode (sudo aa-complain /etc/apparmor.d/*) and then use all of the programs.

    Then you can use sudo aa-logprof and make proper changes.

    It's very simple once you get the hang of it. You can use gedit (you'll need sudo) to handle the profiles once they're done and condense them/limit further.

    Edit: Some tips:

    You'll get certain "possibilities" for different things. For file access:
    - r - Read - gives read access to that folder or path
    - w - Write - gives write access to that folder or path
    - k - Lock - allows the process to own/lock the file

    There are also programs:
    - ix - Inherit - The called program runs in the same AppArmor profile that is defined by the calling program
    - ip - Profile - The called program runs in its own AppArmor profile
     
  3. Thank you! But unfortunately Firefox and dhclient3 both fail to produce any useful messages in complain mode - assuming I'm doing things right, no possible changes are offered by aa-logprof, yet both programs continue to be denied network connectivity in enforce mode.

    I suspect I'm doing something wrong here?
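
To see whether AppArmor is logging anything at all for the profiles discussed above, this added example (not part of any post in this thread) tallies audit events by verdict, profile and operation, keeping file access and network events apart. The log lines are constructed samples, and the names `aa_summary` and `sample_log` are made up for illustration.

```shell
#!/bin/sh
# Added example: tally AppArmor audit events read on stdin. Output lines are
# verdict<TAB>profile<TAB>operation<TAB>detail<TAB>count, sorted.
aa_summary() {
    awk '
    # Value of key=value or key="value" on the current line ("" if absent).
    function field(key,    v) {
        if (!match($0, "(^| )" key "=(\"[^\"]*\"|[^ ]*)")) return ""
        v = substr($0, RSTART, RLENGTH)
        sub("^ ?" key "=", "", v)
        gsub(/"/, "", v)
        return v
    }
    # DENIED: blocked in enforce mode. ALLOWED: logged only (complain mode).
    /apparmor="(DENIED|ALLOWED)"/ {
        if (field("family") != "")   # socket event, carries no file name
            detail = "network " field("family") " " field("sock_type")
        else                         # file event: path plus requested access
            detail = field("name") " " field("requested_mask")
        id = field("apparmor") "\t" field("profile") "\t" field("operation")
        seen[id "\t" detail]++
    }
    END { for (k in seen) printf "%s\t%d\n", k, seen[k] }
    ' | LC_ALL=C sort
}

# Constructed sample lines in kernel audit-log style (not from the thread).
sample_log() {
    cat <<'EOF'
kernel: type=1400 audit(1334743331.101:41): apparmor="STATUS" operation="profile_replace" name="/sbin/dhclient3" pid=700 comm="apparmor_parser"
kernel: type=1400 audit(1334743332.201:42): apparmor="DENIED" operation="create" parent=1 profile="/sbin/dhclient3" pid=901 comm="dhclient3" family="inet" sock_type="dgram" protocol=17
kernel: type=1400 audit(1334743333.301:43): apparmor="DENIED" operation="create" parent=1 profile="/sbin/dhclient3" pid=902 comm="dhclient3" family="inet" sock_type="dgram" protocol=17
kernel: type=1400 audit(1334743334.401:44): apparmor="DENIED" operation="open" parent=1 profile="/usr/lib/firefox/firefox" name="/etc/resolv.conf" pid=950 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
kernel: type=1400 audit(1334743335.501:45): apparmor="ALLOWED" operation="connect" parent=1 profile="/usr/lib/firefox/firefox" pid=950 comm="firefox" family="inet" sock_type="stream" protocol=6
EOF
}

# Stand-alone run on the sample; for a real system feed it the kernel log,
# e.g. `dmesg | aa_summary` (where the log lives is system-dependent).
sample_log | aa_summary
```

If a profile has no ALLOWED or DENIED rows in the output, no events for it reached the log that was read.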
     
  4. Hungry Man
    Well, you can delete your firefox profile (in /etc/apparmor.d/) and then in terminal:
    and do the same for dhclient3.

    You can then leave them in complain mode and recreate the profile from scratch.

    Or you can use gedit and post the profile here and I can try to help you set it up.

    You should make sure that you have:

    and
     