[apparmor] Apparmor: global profile queries
Murali Selvaraj
murali.selvaraj2003 at gmail.com
Mon Jan 23 01:47:38 UTC 2023
Hi All,
I am trying to use a global/system-wide Apparmor profile to restrict the
executing of any scripts from /tmp folder.
As a first step, I added this entry (audit deny /tmp/* x,) and I was
expecting Apparmor audit logs while executing the script from /tmp/ (sh
/tmp/foo.sh).
Can you please suggest the inputs to get "audit" logs while executing any
script from /tmp/ folder.
cat global
profile global /** flags=(attach_disconnected) {
signal,
ptrace,
capability,
*audit deny /tmp/* x,*
allow / r,
allow /** pix,
allow /** rwlkm,
}
Thanks
Murali.S
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20230122/4caffc0b/attachment.html>
More information about the AppArmor
mailing list