Compare Pastes
Differences between the pastes
#156239 (12.12.2020 14:55)
and
#156240 (12.12.2020 14:57).
| 1 | miko@ubu:~$ sudo aa-genprof free | |
| 1 | [admin@server ~]$ sudo aa-genprof free | |
| 2 | 2 | |
| 3 | 3 | Before you begin, you may wish to check if a profile already exists for the application you wish to confine. See the following wiki page for more information: |
| 4 | 4 | https://gitlab.com/apparmor/apparmor/wikis/Profiles |
| 5 | 5 | |
| 6 | 6 | Profiling: /usr/bin/free |
| 7 | 7 | |
| 8 | 8 | Please start the application to be profiled in another window and exercise its functionality now. |
| 9 | 9 | |
| 10 | 10 | Once completed, select the "Scan" option below in order to scan the system logs for AppArmor events. |
| 11 | 11 | |
| 12 | 12 | For each AppArmor event, you will be given the opportunity to choose whether the access should be |
| 13 | 13 | allowed or denied. |
| 14 | 14 | |
| 15 | 15 | [(S)can system log for AppArmor events] / (F)inish |
| 16 | 16 | Reading log entries from /var/log/syslog. |
| 17 | 17 | Updating AppArmor profiles in /etc/apparmor.d. |
| 18 | 18 | Complain-mode changes: |
| 19 | 19 | |
| 20 | 20 | Profile: /usr/bin/free |
| 21 | 21 | Path: /proc/sys/kernel/osrelease |
| 22 | 22 | New Mode: r |
| 23 | 23 | Severity: 6 |
| 24 | 24 | |
| 25 | 25 | [1 - /proc/sys/kernel/osrelease r,] |
| 26 | 26 | (A)llow / [(D)eny] / (I)gnore / (G)lob / Glob with (E)xtension / (N)ew / Audi(t) / Abo(r)t / (F)inish |
| 27 | 27 | Adding /proc/sys/kernel/osrelease r, to profile. |
| 28 | 28 | |
| 29 | 29 | = Changed Local Profiles = |
| 30 | 30 | |
| 31 | 31 | The following local profiles were changed. Would you like to save them? |
| 32 | 32 | |
| 33 | 33 | [1 - /usr/bin/free] |
| 34 | 34 | (S)ave Changes / Save Selec(t)ed Profile / [(V)iew Changes] / View Changes b/w (C)lean profiles / Abo(r)t |
| 35 | 35 | |
| 36 | 36 | = Changed Local Profiles = |
| 37 | 37 | |
| 38 | 38 | The following local profiles were changed. Would you like to save them? |
| 39 | 39 | |
| 40 | 40 | [1 - /usr/bin/free] |
| 41 | 41 | (S)ave Changes / Save Selec(t)ed Profile / [(V)iew Changes] / View Changes b/w (C)lean profiles / Abo(r)t |
| 42 | 42 | Writing updated profile for /usr/bin/free. |
| 43 | 43 | |
| 44 | 44 | Profiling: /usr/bin/free |
| 45 | 45 | |
| 46 | 46 | Please start the application to be profiled in another window and exercise its functionality now. |
| 47 | 47 | Once completed, select the "Scan" option below in order to scan the system logs for AppArmor events. |
| 48 | 48 | |
| 49 | 49 | For each AppArmor event, you will be given the opportunity to choose whether the access should be |
| 50 | 50 | allowed or denied. |
| 51 | 51 | |
| 52 | 52 | [(S)can system log for AppArmor events] / (F)inish |
| 53 | 53 | |
| 54 | 54 | Reloaded AppArmor profiles in enforce mode. |
| 55 | 55 | |
| 56 | 56 | Please consider contributing your new profile! |
| 57 | 57 | See the following wiki page for more information: |
| 58 | 58 | https://gitlab.com/apparmor/apparmor/wikis/Profiles |
| 59 | 59 |