[apparmor] How to setup apparmor for calling an executable from another executable with a profile
Seth Arnold
seth.arnold at canonical.com
Tue May 29 21:54:55 UTC 2018
On Tue, May 29, 2018 at 09:49:45PM +0700, Germán Diago Gómez wrote:
> sudo apparmor_parser -r -W myprofile-file
>
> And run the docker machine like this:
>
> docker run ... --security-opt apparmor=my-profile ...
>
> if I execute /usr/bin/myexe I get permission denied
Hello,
If you check your audit logs or dmesg you will find an AppArmor DENIED
line with full details about the denied request. Once you've got those,
then it'll be easier to make concrete suggestions for changes.
Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20180529/fed6e541/attachment.sig>
More information about the AppArmor
mailing list