[apparmor] When DAC fails/invokes Apparmor Hooks with example
Casey Schaufler
casey at schaufler-ca.com
Mon Jun 14 22:54:50 UTC 2021
On 6/14/2021 3:45 PM, Murali Selvaraj wrote:
> Hi All,
>
> In general, AppArmor hooks will be called after DAC check/validation.
> I would like to understand the theory by writing into a sample script
> as follows.
>
> Created an empty profile for this demo.sh in complain mode to understand what
> operations have been done as part of the script.
>
> However, I could not see any AppArmor logs (complain mode logs
> ALLOWED) for this script profile.
> Can you please suggest what changes need to be done in the script in
> order to reach AppArmor hooks
> to get the AppArmor logs?
>
> Also, please advise me on how to find when DAC would be failed/DAC given
> details to AppArmor hooks.
> Please share any easy reference code or sample code for understanding.
>
> #!/bin/bash
> while [ 1 ] ; do
> echo -n "How Apparmor called after DAC"
> cat /proc/self/attr/current
> kill -11 1
> iptables --list
> ping 8.8.8.8
> sleep 60
> done

What do you expect this script to do?

>
> Thanks
> Murali.S
>
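
An added example, not part of the original thread: one way to check the two things the question depends on, namely the confinement label that `cat /proc/self/attr/current` prints and whether any `apparmor="ALLOWED"` audit records exist for the profile. The profile name `/home/user/demo.sh`, the label, and the log lines are constructed sample data.

```shell
#!/bin/bash
# Added example: confinement label and complain-mode audit records.
# All sample values below are constructed, not taken from a real system.

# Print the mode from a /proc/<pid>/attr/current label, which reads
# either "unconfined" or "<profile name> (<mode>)".
label_mode() {
    case "$1" in
        unconfined) echo "unconfined" ;;
        *" ("*")")  m=${1##*" ("}; m=${m%")"}; echo "$m" ;;
        *)          echo "unknown" ;;
    esac
}

# List the distinct operation= values of apparmor="ALLOWED" records
# for one profile. $1 = profile name; audit records arrive on stdin.
allowed_ops() {
    grep -F 'apparmor="ALLOWED"' | grep -F "profile=\"$1\"" |
        sed -n 's/.* operation="\([^"]*\)".*/\1/p' |
        sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Constructed label; on a live system pass "$(cat /proc/self/attr/current)".
SAMPLE_LABEL='/home/user/demo.sh (complain)'

# Constructed audit records in the kernel's type=1400 AppArmor format.
SAMPLE_LOG='audit: type=1400 audit(1623711290.101:41): apparmor="ALLOWED" operation="open" profile="/home/user/demo.sh" name="/proc/4242/attr/current" pid=4242 comm="cat" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1623711290.140:42): apparmor="ALLOWED" operation="exec" profile="/home/user/demo.sh" name="/usr/bin/sleep" pid=4243 comm="demo.sh" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
audit: type=1400 audit(1623711291.007:43): apparmor="DENIED" operation="open" profile="/usr/sbin/other" name="/etc/shadow" pid=99 comm="other" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0'

echo "mode: $(label_mode "$SAMPLE_LABEL")"
echo "allowed operations: $(printf '%s\n' "$SAMPLE_LOG" | allowed_ops /home/user/demo.sh)"
```

A label of `unconfined` means the profile is not attached to the process, in which case no records for that profile would be expected.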