Testing apparmor profiles

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
0
down vote

favorite












How can I get a list of all files a confined program is allowed to access or how can I test if I really can't access a specific file? Apparmor profiles include wildcards, things like @home or @proc and sometimes also include global profiles. Is there some apparmor command which can do this or do I need to manually get through the profile? Maybe some kind of bruteforce approach is also possible. For running in the context of a browser you could maybe do some scripting and try to open each file on the disk and see what happens. I'm not so sure how this could be done with other confined programs though.










share|improve this question





















  • You could look at using aa-genprof. This will allow you see see what files are being referenced by a process under apparmor.
    – Raman Sailopal
    Aug 13 at 13:06














up vote
0
down vote

favorite












How can I get a list of all files a confined program is allowed to access or how can I test if I really can't access a specific file? Apparmor profiles include wildcards, things like @home or @proc and sometimes also include global profiles. Is there some apparmor command which can do this or do I need to manually get through the profile? Maybe some kind of bruteforce approach is also possible. For running in the context of a browser you could maybe do some scripting and try to open each file on the disk and see what happens. I'm not so sure how this could be done with other confined programs though.










share|improve this question





















  • You could look at using aa-genprof. This will allow you see see what files are being referenced by a process under apparmor.
    – Raman Sailopal
    Aug 13 at 13:06












up vote
0
down vote

favorite









up vote
0
down vote

favorite











How can I get a list of all files a confined program is allowed to access or how can I test if I really can't access a specific file? Apparmor profiles include wildcards, things like @home or @proc and sometimes also include global profiles. Is there some apparmor command which can do this or do I need to manually get through the profile? Maybe some kind of bruteforce approach is also possible. For running in the context of a browser you could maybe do some scripting and try to open each file on the disk and see what happens. I'm not so sure how this could be done with other confined programs though.










share|improve this question













How can I get a list of all files a confined program is allowed to access or how can I test if I really can't access a specific file? Apparmor profiles include wildcards, things like @home or @proc and sometimes also include global profiles. Is there some apparmor command which can do this or do I need to manually get through the profile? Maybe some kind of bruteforce approach is also possible. For running in the context of a browser you could maybe do some scripting and try to open each file on the disk and see what happens. I'm not so sure how this could be done with other confined programs though.







linux apparmor






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Aug 13 at 12:47









tw00t

1




1











  • You could look at using aa-genprof. This will allow you see see what files are being referenced by a process under apparmor.
    – Raman Sailopal
    Aug 13 at 13:06
















  • You could look at using aa-genprof. This will allow you see see what files are being referenced by a process under apparmor.
    – Raman Sailopal
    Aug 13 at 13:06















You could look at using aa-genprof. This will allow you see see what files are being referenced by a process under apparmor.
– Raman Sailopal
Aug 13 at 13:06




You could look at using aa-genprof. This will allow you see see what files are being referenced by a process under apparmor.
– Raman Sailopal
Aug 13 at 13:06















active

oldest

votes











Your Answer







StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













 

draft saved


draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f462292%2ftesting-apparmor-profiles%23new-answer', 'question_page');

);

Post as a guest



































active

oldest

votes













active

oldest

votes









active

oldest

votes






active

oldest

votes















 

draft saved


draft discarded















































 


draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f462292%2ftesting-apparmor-profiles%23new-answer', 'question_page');

);

Post as a guest













































































Popular posts from this blog

How to check contact read email or not when send email to Individual?

Displaying single band from multi-band raster using QGIS

How many registers does an x86_64 CPU actually have?