[apparmor] AppArmor profile: requested_mask and denied_mask = "c", "x".
daniel curtis
sidetripping at gmail.com
Fri Dec 18 16:51:04 UTC 2015
Hi.
I would like to ask about AppArmor profile and a system log files
such as, for example, /var/log/syslog etc. Let say, that I wrote a
profile for an application, which 'audit' entries in log files contains
something like this (of course, I omitted the whole 'audit'):
* requested_mask="c" denied_mask="c"
I have to say, that it is "DENIED" action for 'mkdir' operation in
/home/user/.app/ directory. But that is not the point. So, what "c"
exactly means? If I would like to add a rule to the AppArmor
profile what should I use? I mean: 'r', 'w', 'x', or maybe 'l', 'k',
'm'? Or maybe something completely different, like:
* /usr/bin/xyz Cx -> sanitized_helper,
Generally: what does "c" and "x" exactly means? (In AppArmor
audit messages). In conclusion: what rules should I use in an
application profile, if in log files there is, for example, 'audit'
messages like this one:
1/ operation="mkdir", requested_mask="c", denied_mask="c"
2/ operation="exec", requested_mask=x", denied_mask="x"
So, how a correct entries, in the profile, should look like?
Best regards.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20151218/24f3e012/attachment.html>
More information about the AppArmor
mailing list