Testing apparmor profiles
Clash Royale CLAN TAG#URR8PPP
up vote
0
down vote
favorite
How can I get a list of all files a confined program is allowed to access or how can I test if I really can't access a specific file? Apparmor profiles include wildcards, things like @home or @proc and sometimes also include global profiles. Is there some apparmor command which can do this or do I need to manually get through the profile? Maybe some kind of bruteforce approach is also possible. For running in the context of a browser you could maybe do some scripting and try to open each file on the disk and see what happens. I'm not so sure how this could be done with other confined programs though.
linux apparmor
add a comment |Â
up vote
0
down vote
favorite
How can I get a list of all files a confined program is allowed to access or how can I test if I really can't access a specific file? Apparmor profiles include wildcards, things like @home or @proc and sometimes also include global profiles. Is there some apparmor command which can do this or do I need to manually get through the profile? Maybe some kind of bruteforce approach is also possible. For running in the context of a browser you could maybe do some scripting and try to open each file on the disk and see what happens. I'm not so sure how this could be done with other confined programs though.
linux apparmor
You could look at using aa-genprof. This will allow you see see what files are being referenced by a process under apparmor.
â Raman Sailopal
Aug 13 at 13:06
add a comment |Â
up vote
0
down vote
favorite
up vote
0
down vote
favorite
How can I get a list of all files a confined program is allowed to access or how can I test if I really can't access a specific file? Apparmor profiles include wildcards, things like @home or @proc and sometimes also include global profiles. Is there some apparmor command which can do this or do I need to manually get through the profile? Maybe some kind of bruteforce approach is also possible. For running in the context of a browser you could maybe do some scripting and try to open each file on the disk and see what happens. I'm not so sure how this could be done with other confined programs though.
linux apparmor
How can I get a list of all files a confined program is allowed to access or how can I test if I really can't access a specific file? Apparmor profiles include wildcards, things like @home or @proc and sometimes also include global profiles. Is there some apparmor command which can do this or do I need to manually get through the profile? Maybe some kind of bruteforce approach is also possible. For running in the context of a browser you could maybe do some scripting and try to open each file on the disk and see what happens. I'm not so sure how this could be done with other confined programs though.
linux apparmor
linux apparmor
asked Aug 13 at 12:47
tw00t
1
1
You could look at using aa-genprof. This will allow you see see what files are being referenced by a process under apparmor.
â Raman Sailopal
Aug 13 at 13:06
add a comment |Â
You could look at using aa-genprof. This will allow you see see what files are being referenced by a process under apparmor.
â Raman Sailopal
Aug 13 at 13:06
You could look at using aa-genprof. This will allow you see see what files are being referenced by a process under apparmor.
â Raman Sailopal
Aug 13 at 13:06
You could look at using aa-genprof. This will allow you see see what files are being referenced by a process under apparmor.
â Raman Sailopal
Aug 13 at 13:06
add a comment |Â
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f462292%2ftesting-apparmor-profiles%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
You could look at using aa-genprof. This will allow you see see what files are being referenced by a process under apparmor.
â Raman Sailopal
Aug 13 at 13:06