[apparmor] Question about defining a profile name via @{exec_path} variable
Mikhail Morfikov
mmorfikov at gmail.com
Thu Jan 10 17:32:21 UTC 2019
On 10/01/2019 14:58, Christian Boltz wrote:
> The proper solution / fix is to expand variables and to work on their
> content, but I'm afraind that isn't something I can do quickly.
>
> For now, you could use a workaround - prefix the variable name with the
> profile name [2], so that you have for example
>
> include <tunables/global>
> @{keepassxc_exec_path} = /usr/bin/keepassxc
> profile keepassxc @{keepassxc_exec_path} {
> #include <abstractions/base>
> @{keepassxc_exec_path} mr,
> }
>
> This should avoid that the tools error out.
But in such case there's no point in using the code snipped because still I
have to rewrite 4 places, so there's no difference compared to the regular
profile definition.
For now, I downgraded the following packages from 2.13.2-3 -> 2.13.1-3+b1:
python3-apparmor_2.13.1-3+b1_amd64.deb
apparmor-utils_2.13.1-3+b1_amd64.deb
And now the tools works fine:
# aa-disable usr.bin.keepassxc
Disabling /etc/apparmor.d/usr.bin.keepassxc.
So I'm going to stick with the version for a while and think what to do
with the problem.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20190110/6dbfb300/attachment.sig>
More information about the AppArmor
mailing list