[apparmor] Need Assistance With AppArmor Profiling Issue
John Johansen
john.johansen at canonical.com
Wed Mar 21 16:53:25 UTC 2012
On 03/21/2012 07:16 AM, Don Woeltje wrote:
> I’m profiling Firefox11. I can never get it to work, in enforce mode, without problems. I keep running it, then running aa-logprof to make corrections to the profile. Then I go into Edit A Profile (in YaST) to look at the changes and I see some weird entries at the beginning of the profile. They are as follows:
>
>
>
> [+] ^null-15
>
> [+] ^null-1e
>
> [+] ^null-27
>
> [+] ^null-32
>
> [+] ^null-d
>
>
These are learning profile names. I have no idea why they would be showing up
as rules. This would indicate to me you are running a version of genprof/
logprof that does not match your kernel.
What kernel do you have? (You can find out by running the following command
in a terminal)
uname -a
What apparmor userspace do you have? (You can find out by running the
following command in a terminal)
apparmor_parser -V
>
> And it keeps making these things. I think this is why I keep having problems. Each time it creates one of the entries, it has a new name. I thought I’d try highlighting the first entry ([+] ^null-15) and doing an edit of the entry and set it to [+] ^null-*, but when I highlighted the entry and clicked the Edit Entry button, it was like it took me into another file that was full of entries of its own.
>
> Any idea on what I can do to resolve this?
>
We can manually step through the logs if necessary or we can get you newer
versions of the userspace tools.
More information about the AppArmor
mailing list