Hi John/Seth,

Thanks John/Seth for your detailed information.
Can you please clarify the queries below?

Query 1:
-> From aa-logprof, we are able to generate an AppArmor profile for the required process. In order to confirm the profile (theoretically), if we compare it with the output of

    cat /proc/<pid>/maps | grep -i lib

will this output be sufficient, or is there any possibility that some libraries may not be in the cat /proc/<pid>/maps output?
-> As with libraries, is there any other way to identify the list of configuration and temporary files used by the process, with simple tools or from any /proc entries like the above? This is just to confirm our profile.

Query 2:
-> For example, one of my processes is running as a "non-root" owner which has read/write access to /proc/<test>/<test_2>/. While generating the profile for this process, do I need to add this entry

    /proc/<test>/<test_2>/* rw,

or will it be able to do read/write operations on /proc/<test>/<test_2>/ without adding this entry?

Query 3:
Can you please explain the difference between the entries below in the AppArmor profile?

    /tmp/lock_file rw,
    /tmp/lock_file rwc,

    /tmp/test.css ww,
    /tmp/test.css w

    /tmp/initialized rww,
    /tmp/initialized rw,

    /tmp/driver krw,
    /tmp/driver rw,

Query 4:
By default, while the device boots, AppArmor profiles are loaded into the kernel and the corresponding process reads from the profile during process execution.
-> As per our code, when the process is killed or crashes for an unknown reason, we have a mechanism for it to restart by itself. In that case, during the process restart, will it start as per the profile or without the profile?

Query 5:
I would like to understand the reason for the DENIED log below; what does it really expect? Do I need to add an entry like /tmp/test c or /tmp/test rw or /tmp/test rwk? Please share the difference for each mentioned possibility.

    2021 Apr 04 17:35:05 admin kernel: audit: type=1400 audit(1617557705.711:207): apparmor="DENIED" operation="mknod" profile="example" name="/tmp/test" pid=11410 comm="application" requested_mask="c" denied_mask="c" fsuid=0 ouid=0

What is this log really expecting?

Thanks
Murali.S
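The following is an added example, not part of the original message or of the AppArmor tools: a small Python parser that splits DENIED records like the one quoted in Query 5 into fields and collects the denied permission letters per profile and path. The function names are hypothetical, the second and third sample lines are constructed, and the hex decoding assumes the audit subsystem's convention of writing names that contain spaces as unquoted hex.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# First record is the one quoted in the message above; the other two are
# constructed for this example (a hex-encoded name and a repeated path).
SAMPLE = [
    '2021 Apr 04 17:35:05 admin kernel: audit: type=1400 audit(1617557705.711:207): apparmor="DENIED" operation="mknod" profile="example" name="/tmp/test" pid=11410 comm="application" requested_mask="c" denied_mask="c" fsuid=0 ouid=0',
    '2021 Apr 04 17:35:06 admin kernel: audit: type=1400 audit(1617557706.102:208): apparmor="DENIED" operation="open" profile="example" name=2F746D702F6D792066696C65 pid=11410 comm="application" requested_mask="r" denied_mask="r" fsuid=0 ouid=0',
    '2021 Apr 04 17:35:07 admin kernel: audit: type=1400 audit(1617557707.300:209): apparmor="DENIED" operation="open" profile="example" name="/tmp/test" pid=11410 comm="application" requested_mask="w" denied_mask="w" fsuid=0 ouid=0',
]

HEADER = re.compile(r'audit\((\d+)\.\d+:(\d+)\):\s*(.*)')
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
HEX = re.compile(r'(?:[0-9A-Fa-f]{2})+')

def parse_denial(line):
    """Return the fields of an AppArmor DENIED record as a dict, else None."""
    m = HEADER.search(line)
    if not m:
        return None
    rec = {}
    for key, quoted, bare in FIELD.findall(m.group(3)):
        value = quoted or bare
        # An unquoted, all-hex name is an encoded path (e.g. it has a space).
        if key == 'name' and bare and HEX.fullmatch(bare):
            value = bytes.fromhex(bare).decode('utf-8', 'replace')
        rec[key] = value
    if rec.get('apparmor') != 'DENIED':
        return None
    rec['time'] = datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc)
    rec['serial'] = int(m.group(2))
    return rec

def summarize(lines):
    """Map (profile, path) -> sorted string of every denied permission letter."""
    masks = defaultdict(set)
    for rec in filter(None, map(parse_denial, lines)):
        if 'name' in rec:
            masks[(rec['profile'], rec['name'])].update(rec.get('denied_mask', ''))
    return {key: ''.join(sorted(value)) for key, value in masks.items()}

if __name__ == '__main__':
    for (profile, path), mask in summarize(SAMPLE).items():
        print(f'{profile}: {path!r} denied {mask}')
```

The summary shows, per confined path, which permission letters the kernel refused, which is the information to compare against the profile's rule for that path.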
