[apparmor] [profile] xfce4-dict: complain mode: /usr/bin/enchant, /usr/bin/enchant-lsmod and access to Specific Resources.

daniel curtis sidetripping at gmail.com
Wed Aug 30 20:04:45 UTC 2017


Hello

On Wed, Aug 2, I asked a question about xfce4-dict - a client program used,
for example, to query different dictionaries via internet connections etc.
And I had a problem with some aa-status(8) command results, namely with
"/usr/bin/enchant" and "/usr/bin/enchant-lsmod".

So, while creating a profile, the aa-genprof(8) utility created rules for
both of the above files with "rix" mode access. It led to a "strange" result
for the aa-status(8) command:

2 profiles are in complain mode.
    /usr/bin/xfce4-dict//null-/usr/bin/enchant
    /usr/bin/xfce4-dict//null-/usr/bin/enchant-lsmod

There were also some other issues. But I would like to write about the above
things, because it seems they are solved. As I said, the aa-genprof(8)
utility created rules with "rix" mode, right? I decided to try something. A
small change that worked!

✗ /usr/bin/enchant rix,
✗ /usr/bin/enchant-lsmod rix,
✓ /usr/bin/enchant mrix,
✓ /usr/bin/enchant-lsmod mrix,

After this small change, "rix" > "mrix", the aa-status(8) command no longer
shows "enchant" in complain mode and xfce4-dict is enforced and works OK.
It makes me happy, because I want every application that connects to the
internet to have an AppArmor profile. (At last, I achieved this on one of
my testing machines.)

Thanks, best regards.
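
An added example, not part of the original post: a small Python parser that scans aa-status(8) output for "//null-" entries like the two quoted above and reports the parent profile and the executed binary for each. The sample text, the script name and the function name find_null_profiles are constructed for illustration.

```python
import re
import sys

# Constructed sample in the layout aa-status prints; the two complain-mode
# names are the ones quoted in the post, the other lines are made up.
SAMPLE = """\
apparmor module is loaded.
4 profiles are loaded.
2 profiles are in enforce mode.
   /usr/bin/xfce4-dict
   /usr/sbin/cupsd
2 profiles are in complain mode.
   /usr/bin/xfce4-dict//null-/usr/bin/enchant
   /usr/bin/xfce4-dict//null-/usr/bin/enchant-lsmod
1 processes have profiles defined.
1 processes are in enforce mode.
   /usr/bin/xfce4-dict (1234)
0 processes are in complain mode.
"""

HEADER = re.compile(r"^\d+ profiles are in (\w+) mode\.$")
NULL_MARK = "//null-"


def find_null_profiles(status_text):
    """Return (mode, parent_profile, exec_target) for every //null- entry."""
    found, mode = [], None
    for line in status_text.splitlines():
        header = HEADER.match(line.strip())
        if header:
            mode = header.group(1)      # start of a profile list
        elif not line[:1].isspace():
            mode = None                 # any other unindented line ends it
        elif mode and NULL_MARK in line:
            parent, _, target = line.strip().partition(NULL_MARK)
            found.append((mode, parent, target))
    return found


if __name__ == "__main__":
    # Pipe real output in (aa-status | python3 find_null.py) or run bare
    # to see the constructed sample parsed.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for mode, parent, target in find_null_profiles(text):
        print(f"{mode}: {parent} -> {target} (review the exec rule for {target})")
```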