[apparmor] Question about defining a profile name via @{exec_path} variable
Seth Arnold
seth.arnold at canonical.com
Wed Jan 9 23:59:13 UTC 2019
On Wed, Jan 09, 2019 at 11:48:44PM +0100, Mikhail Morfikov wrote:
> @{exec_path} = /usr/bin/keepassxc
> profile keepassxc @{exec_path} {
> }
> # aa-complain usr.bin.keepassxc
> ERROR: Profile for @{exec_path} exists in /etc/apparmor.d/some-app and /etc/apparmor.d/some-other-app
> Should this happen? Should I avoid using the code
> snippet to make profiles and use regular paths instead?
I guess you'll have to decide if your abstraction to make it easy to
change the location of binaries saves you enough trouble that it's worth
no longer being able to use the python-based utilities. If you've built
enough infrastructure around your tooling it might be easy to extend it to
do whatever the python-based tooling does and you're missing. If you've
not yet built much infrastructure around your abstraction, this might not
be quite as compelling.
Thanks