[apparmor] How to setup apparmor for calling an executable from another executable with a profile

Germán Diago Gómez germandiago at gmail.com
Wed May 30 12:28:03 UTC 2018


> Just use flags=(attach_disconnected):
>
>    /some/app flags=(attach_disconnected) {
>
> I have one question though. Why does the system (or just AppArmor) think that
> the file is "var/lib/..." and not "/var/lib/..."?
No idea, AppArmor rookie here. But I can say that this profile is
applied to a Docker container, like this:

docker run ... --security-opt apparmor=myprofile my-machine

Maybe it has something to do with it.

> One of my apps behaves
> differently depending on how the X-server is started. When I use just the
> "startx" command issued via TTY, the attach_disconnected is needed. But when I
> start the X-server using some DM, like for instance SDDM, the app works fine
> without the flag. So why is that?
Maybe something is launched inside a terminal but the other is not? Just
guessing. When is a terminal allocated, and
under which conditions?
