[apparmor] query
Pradeep Gupta
info at dryzilla.com
Thu Nov 20 11:21:20 UTC 2014
I am trying to create an AppArmor profile for a Ruby file named test.rb, and I put
that file under /root. test.rb contains:
#!/usr/bin/env ruby
`mkdir demo`
I created the AppArmor profile in the following way:
aa-genprof test.rb
The above command successfully created an AppArmor profile for test.rb. Now I
want this test.rb file to not create anything inside the /root
directory, having only read access. So I made the following changes to the AppArmor
profile for the test.rb file:
# Last Modified: Mon Sep 29 06:59:34 2014
#include <tunables/global>
/root/test.rb {
  #include <abstractions/base>
  /root/test.rb mr,
  /root/ r,
}
Now I restarted and reloaded AppArmor in the following way:
sudo service apparmor restart
So I assumed that when I run my test.rb, it should not create any
directory inside the /root directory. But when I run this file this way:
ruby test.rb
It creates the demo directory inside /root:
ls /root
demo
I don't understand why this produces this behaviour...
I posted the same question here:
http://stackoverflow.com/questions/26120464/apparmor-profile-creation-for-ruby-script
Thanks,
Pradeep Gupta
info at dryzilla.com
+91-9993125991
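
The situation in the message above can be checked with a short script; this is an added example, not part of the original post or of AppArmor's own tooling. AppArmor chooses a profile from the path of the file handed to exec, so the script compares the profile's attachment path with the resolved first word of a command line; the function names are hypothetical and only exact-path attachments are handled.

```shell
#!/bin/sh
# Added example (not from the original post). Assumption: exact-path
# attachment only; globbed attachment paths are not handled.

# Constructed sample: the profile quoted in the message above.
PROFILE_TEXT='#include <tunables/global>
/root/test.rb {
  #include <abstractions/base>
  /root/test.rb mr,
  /root/ r,
}'

# Print the attachment path from the profile header ("/path {").
profile_attachment() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ { next }
        /\{[ \t]*$/ { for (i = 1; i <= NF; i++) if ($i ~ /^\//) { print $i; exit } }'
}

# Print the file the kernel is asked to exec for a command line: its first
# word, resolved through PATH and symlinks. Later words are only arguments.
exec_target() (
    first=${1%% *}
    case $first in
        */*) resolved=$first ;;
        *)   resolved=$(command -v "$first") || return 1 ;;
    esac
    case $resolved in */*) readlink -f "$resolved" ;; *) return 1 ;; esac
)

# Succeed only if the profile ($1) would attach to the invocation ($2).
profile_attaches() (
    target=$(exec_target "$2") || return 1
    [ "$target" = "$(profile_attachment "$1")" ]
)

# Print the label confining this shell, e.g. "unconfined" or
# "/root/test.rb (enforce)"; "unavailable" if it cannot be read.
current_label() {
    label=
    { read -r label < /proc/self/attr/current; } 2>/dev/null || true
    printf '%s\n' "${label:-unavailable}"
}

if profile_attaches "$PROFILE_TEXT" "ruby test.rb"; then
    echo "ruby test.rb: profile $(profile_attachment "$PROFILE_TEXT") attaches"
else
    echo "ruby test.rb: profile $(profile_attachment "$PROFILE_TEXT") does not attach"
fi
echo "this shell runs as: $(current_label)"
```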