[apparmor] When DAC fails/invokes Apparmor Hooks with example
Murali Selvaraj
murali.selvaraj2003 at gmail.com
Mon Jun 14 23:02:42 UTC 2021
Hi Casey,
I am trying to understand that once a DAC check passes, it will invoke
Apparmor logs.
I loaded this script with an empty profile in complain mode to
capture Apparmor logs.
As mentioned, I could not see Apparmor logs. Do I need to change
anything in the script to invoke Apparmor/LSM hooks to collect
Apparmor logs?
Thanks
Murali.S
On Tue, Jun 15, 2021 at 4:24 AM Casey Schaufler <casey at schaufler-ca.com> wrote:
>
> On 6/14/2021 3:45 PM, Murali Selvaraj wrote:
> > Hi All,
> >
> > In general, Apparmor hooks will be called after DAC check/validation.
> > I would like to understand the theory by writing into a sample script
> > as follows.
> >
> > Created an empty profile for this demo.sh in complain mode to understand what
> > the operation has been done as part of the script.
> >
> > However, I could not see any apparmor logs (complain mode logs
> > ALLOWED) for this script profile.
> > Can you please suggest what changes need to be done in the script in
> > order to reach Apparmor hooks
> > to get the Apparmor logs?
> >
> > Also, pls advise me on how to find when DAC would be failed/DAC given
> > details to Apparmor hooks.
> > Pls share any easy reference code or sample code for understanding.
> >
> > #!/bin/bash
> > while [ 1 ] ; do
> > echo -n "How Apparmor called after DAC"
> > cat /proc/self/attr/current
> > kill -11 1
> > iptables --list
> > ping 8.8.8.8
> > sleep 60
> > done
>
> What do you expect this script to do?
>
> >
> > Thanks
> > Murali.S
> >