Compare Pastes
Differences between the pastes
#156239 (12.12.2020 14:55)
and
#176139 (25.04.2021 07:22).
| 1 | miko@ubu:~$ sudo aa-genprof free | |
| 2 | ||
| 3 | Before you begin, you may wish to check if a profile already exists for the application you wish to confine. See the following wiki page for more information: | |
| 4 | https://gitlab.com/apparmor/apparmor/wikis/Profiles | |
| 5 | ||
| 6 | Profiling: /usr/bin/free | |
| 7 | ||
| 8 | Please start the application to be profiled in another window and exercise its functionality now. | |
| 9 | ||
| 10 | Once completed, select the "Scan" option below in order to scan the system logs for AppArmor events. | |
| 11 | ||
| 12 | For each AppArmor event, you will be given the opportunity to choose whether the access should be | |
| 13 | allowed or denied. | |
| 14 | ||
| 15 | [(S)can system log for AppArmor events] / (F)inish | |
| 16 | Reading log entries from /var/log/syslog. | |
| 17 | Updating AppArmor profiles in /etc/apparmor.d. | |
| 18 | Complain-mode changes: | |
| 19 | ||
| 20 | Profile: /usr/bin/free | |
| 21 | Path: /proc/sys/kernel/osrelease | |
| 22 | New Mode: r | |
| 23 | Severity: 6 | |
| 24 | ||
| 25 | [1 - /proc/sys/kernel/osrelease r,] | |
| 26 | (A)llow / [(D)eny] / (I)gnore / (G)lob / Glob with (E)xtension / (N)ew / Audi(t) / Abo(r)t / (F)inish | |
| 27 | Adding /proc/sys/kernel/osrelease r, to profile. | |
| 28 | ||
| 29 | = Changed Local Profiles = | |
| 30 | ||
| 31 | The following local profiles were changed. Would you like to save them? | |
| 32 | ||
| 33 | [1 - /usr/bin/free] | |
| 34 | (S)ave Changes / Save Selec(t)ed Profile / [(V)iew Changes] / View Changes b/w (C)lean profiles / Abo(r)t | |
| 35 | ||
| 36 | = Changed Local Profiles = | |
| 37 | ||
| 38 | The following local profiles were changed. Would you like to save them? | |
| 39 | ||
| 40 | [1 - /usr/bin/free] | |
| 41 | (S)ave Changes / Save Selec(t)ed Profile / [(V)iew Changes] / View Changes b/w (C)lean profiles / Abo(r)t | |
| 42 | Writing updated profile for /usr/bin/free. | |
| 43 | ||
| 44 | Profiling: /usr/bin/free | |
| 45 | ||
| 46 | Please start the application to be profiled in another window and exercise its functionality now. | |
| 47 | Once completed, select the "Scan" option below in order to scan the system logs for AppArmor events. | |
| 48 | ||
| 49 | For each AppArmor event, you will be given the opportunity to choose whether the access should be | |
| 50 | allowed or denied. | |
| 51 | ||
| 52 | [(S)can system log for AppArmor events] / (F)inish | |
| 53 | ||
| 54 | Reloaded AppArmor profiles in enforce mode. | |
| 55 | ||
| 56 | Please consider contributing your new profile! | |
| 57 | See the following wiki page for more information: | |
| 58 | https://gitlab.com/apparmor/apparmor/wikis/Profiles | |
| 59 |