Need Some Help With Apparmor

Discussion in 'all things UNIX' started by lucygrl, Oct 9, 2014.

  1. lucygrl

    lucygrl Registered Member

    Joined:
    Nov 6, 2013
    Posts:
    202
    Hi, I need some help with Apparmor in Ubuntu 14.04. How exactly do I place a profile in Enforce mode via the Terminal? Ive read a few articles on this, but they all seem a little different and none seem to work so I guess Im doing something wrong. So for example, if I wanted to say place Brasero or another programme in enforce mode, what would be the exact terminal commands?

    thankyou.
     
  2. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    hi lucygrl,

    sudo aa-enforce /etc/apparmor.d/name-of-profile

    eg: sudo aa-enforce /etc/apparmor.d/opt.google.chrome

    and to set to "complain":

    sudo aa-complain /etc/apparmor.d/opt.google.chrome

    For Brasero I think it would be:

    sudo aa-enforce /etc/apparmor.d/usr.bin.brasero


    ...of course the profile must first exist in the first place.
     
  3. lucygrl

    lucygrl Registered Member

    Joined:
    Nov 6, 2013
    Posts:
    202
    Thankyou, A couple of things, first, when I tried,

    sudo aa-enforce /etc/apparmor.d/usr.bin.brasero

    I got,

    sudo: aa-enforce: command not found

    When I type,


    sudo apparmor_status


    This is what I get,

    9 processes have profiles defined.
    6 processes are in enforce mode.
    /sbin/dhclient (1492)
    /usr/bin/freshclam (1021)
    /usr/lib/firefox/firefox{,*[^s][^h]} (2294)
    /usr/lib/telepathy/mission-control-5 (2186)
    /usr/sbin/cups-browsed (1014)
    /usr/sbin/cupsd (2021)
    3 processes are in complain mode.
    /usr/sbin/avahi-daemon (622)
    /usr/sbin/avahi-daemon (623)
    /usr/sbin/dnsmasq (1499)

    So how do I make the profile?

    I can see Brasero in usr.bin.brasero
    So how do I get Brasero into /etc/apparmor.d/usr.bin.brasero
    thankyou.
     
    Last edited: Oct 10, 2014
  4. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    I'm no expert at all but...maybe you need Apparmor utilities?

    Try opening a terminal and type:

    sudo apt-get update

    ...then follow that with:

    sudo apt-get install apparmor-utils
     
Loading...