Q: How to associate an apparmor profile with a listed binary in a framework?

Jon Seymour jon at ninjablocks.com
Sun Mar 22 06:36:39 UTC 2015


I am trying to extend the permissions associated with a binary that is
listed in the package.yaml directory of my framework. I modelled the
approach on the way profiles are associated with services and so the
package.yaml snippet looks like:

binaries:
 - name: ./bin/my-binary
    apparmor-profile: meta/my-binary.profile

I then repackage the framework with the snappy tool and install it
remotely, then I re-run sudo aa-clickhook -f and sudo aa-profilehook -f.

However, the resulting apparmor profile in:

/var/lib/apparmor/profiles/click_{my-framework}_{my-binary}_{my-framework-version}

is just the default profile, rather than the one I specified in
meta/my-binary.profile.

What am I doing wrong? What do I need to change?

jon.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/snappy-devel/attachments/20150322/6a6210da/attachment.html>


More information about the snappy-devel mailing list