[apparmor] Generating the profile cache on a different machine
intrigeri
intrigeri at boum.org
Thu Apr 2 18:02:17 UTC 2020
Hi,
Alberto Mardegan (2020-04-02):
> On 02/04/20 16:48, intrigeri wrote:
>> At Tails we do ship a binary, compiled policy in our live system:
>>
>> https://salsa.debian.org/tails-team/tails/-/blob/master/config/chroot_local-hooks/99-cache-AppArmor-policy
>> https://salsa.debian.org/tails-team/tails/-/blob/master/config/chroot_local-hooks/01-check-for-outdated-AppArmor-feature-set
>
> A couple of questions:
>
> 1) where is apparmor_parser being run? Is it a chroot?
It's run as part of the Tails build. Indeed, it's run in a chroot
(which itself is in a vagrant-libvirt VM).
> 2) your scripts are checking the features in
> /usr/share/apparmor-features; I don't have this directory in this
> machine; what is it?
That's a Debian thing, I guess you can ignore it.
More information about the AppArmor
mailing list