[apparmor] query
Christian Boltz
apparmor at cboltz.de
Thu Nov 20 17:12:18 UTC 2014
Hello,
Am Donnerstag, 20. November 2014 schrieb Pradeep Gupta:
> /root/test.rb {
> #include <abstractions/base>
>
> /root/test.rb mr,
> /root/ r,
> }
>
> Now i restart and reloaded apparmor by following way:
>
> sudo service apparmor restart
>
> so i assumed that when i will run my test.rb should not create any
> directory inside /root directory, But when i run this file like this
> way:
>
> ruby test.rb
That's the problem - the executable here is "ruby" (not "test.rb"), and
you most probably don't have a profile for /usr/bin/ruby ;-)
"test.rb" is just a parameter for ruby, it's not recognized as "the
executable".
The solution is to start it with
./test.rb
(or add /root to your PATH and start it with just "test.rb")
Now the executed program is really "test.rb" and your profile will be
applied.
BTW: I wouldn't be surprised if you need some more additions to your
profile (like "#include <abstractions/ruby>") - aa-logprof will tell you
after you started your script with "./test.rb".
Regards,
Christian Boltz
--
So wie yast2 [auf der Konsole] zur Zeit aussieht, ist es das Outlook
unter den Konsolenprogrammen: Nämlich die alleinseligmachende, fortge-
setzte Normverletzung unter Vorgabe guter Motive. [Ratti in suse-linux]
More information about the AppArmor
mailing list