Пост #156240 |
сохранен 12.12.2020 14:57
- Редактировать пост
- Печать
- Скачать
- Сравнить с первичным постом
- Перейти к первичному посту
- Посты-ответы на этот пост: # 274958
- Посмотреть дерево постов
-
Сравнить с постом
#
Текст поста
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 | [admin@server ~]$ sudo aa-genprof free Before you begin, you may wish to check if a profile already exists for the application you wish to confine. See the following wiki page for more information: https://gitlab.com/apparmor/apparmor/wikis/Profiles Profiling: /usr/bin/free Please start the application to be profiled in another window and exercise its functionality now. Once completed, select the "Scan" option below in order to scan the system logs for AppArmor events. For each AppArmor event, you will be given the opportunity to choose whether the access should be allowed or denied. [(S)can system log for AppArmor events] / (F)inish Reading log entries from /var/log/syslog. Updating AppArmor profiles in /etc/apparmor.d. Complain-mode changes: Profile: /usr/bin/free Path: /proc/sys/kernel/osrelease New Mode: r Severity: 6 [1 - /proc/sys/kernel/osrelease r,] (A)llow / [(D)eny] / (I)gnore / (G)lob / Glob with (E)xtension / (N)ew / Audi(t) / Abo(r)t / (F)inish Adding /proc/sys/kernel/osrelease r, to profile. = Changed Local Profiles = The following local profiles were changed. Would you like to save them? [1 - /usr/bin/free] (S)ave Changes / Save Selec(t)ed Profile / [(V)iew Changes] / View Changes b/w (C)lean profiles / Abo(r)t = Changed Local Profiles = The following local profiles were changed. Would you like to save them? [1 - /usr/bin/free] (S)ave Changes / Save Selec(t)ed Profile / [(V)iew Changes] / View Changes b/w (C)lean profiles / Abo(r)t Writing updated profile for /usr/bin/free. Profiling: /usr/bin/free Please start the application to be profiled in another window and exercise its functionality now. Once completed, select the "Scan" option below in order to scan the system logs for AppArmor events. For each AppArmor event, you will be given the opportunity to choose whether the access should be allowed or denied. [(S)can system log for AppArmor events] / (F)inish Reloaded AppArmor profiles in enforce mode. Please consider contributing your new profile! See the following wiki page for more information: https://gitlab.com/apparmor/apparmor/wikis/Profiles Finished generating profile for /usr/bin/free. |