[apparmor] How to setup apparmor for calling an executable from another executable with a profile
Germán Diago Gómez
germandiago at gmail.com
Tue May 29 14:49:45 UTC 2018
> Sounds like /the/other/executable ix, is what fits you best.

This is what I did before (and just tried again). Indeed this is not working for me (I just checked again).

I think the problem might be that the executable I try to execute (/my/other/executable) is in /usr/bin? Because /my/executable is hanging from my home dir and there is no problem in that case.

Without the apparmor profile I can execute both executables. I am trying to run a service inside a docker container.

I load the profile like this in the server machine (NOT in the container):

    sudo apparmor_parser -r -W myprofile-file

And run the docker machine like this:

    docker run ... --security-opt apparmor=my-profile ...

If I execute /usr/bin/myexe I get permission denied.

Regards,
Germán Diago