[opensuse-security] Apparmor aa-genprof broken?
Ok, decided to open new thread.... I tried to create a new profile for VLC. I invoked aa-genprof /usr/bin/vlc and played around with VLC. But, when I press enter or (S)can in aa-genprof, nothing happens, a merely empty profile gets created. But, var log messages is full with DENIED messages, thus AppArmor detects how VLC accesses stuff. But aa-genprof seems to be unable to detect these things, it does not work. Then I tried to put the profile into complain mode and again played with VLC. Afterwards tried with aa-logprof to parse for AA messages. Again, it does not work. After all, neither aa-genprof nor aa-logprof creates profiles on my machine. I'm on openSUSE 13.1. Any hints on that? I really don't want to create profiles completely manually....
On 08/20/2014 06:16 AM, pinguin74 wrote:
> Ok, decided to open new thread....
> I tried to create a new profile for VLC.
> I invoked aa-genprof /usr/bin/vlc and played around with VLC.
> But, when I press enter or (S)can in aa-genprof, nothing happens, a merely empty profile gets created.
> But, var log messages is full with DENIED messages, thus AppArmor detects how VLC accesses stuff.
> But aa-genprof seems to be unable to detect these things, it does not work.
> Then I tried to put the profile into complain mode and again played with VLC.
> Afterwards tried with aa-logprof to parse for AA messages.
> Again, it does not work.
> After all, neither aa-genprof nor aa-logprof creates profiles on my machine.
> I'm on openSUSE 13.1.
> Any hints on that?
> I really don't want to create profiles completely manually....
Have you made sure apparmor and auditd are running, i.e. systemctl status apparmor.service and systemctl status auditd.service?

--
Joe Morris
Registered Linux user 231871 running openSUSE 13.1 x86_64

--
To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-security+owner@opensuse.org
>> Any hints on that?
>> I really don't want to create profiles completely manually....
> Have you made sure apparmor and auditd are running, i.e. systemctl status apparmor.service and systemctl status auditd.service?

Yes, I found out, auditd wasn't running. I wonder why they don't start it by default since AA needs it...

Regards
Hello,

On Wednesday, 20 August 2014, pinguin74 wrote:
>>> Any hints on that?
>>> I really don't want to create profiles completely manually....
>> Have you made sure apparmor and auditd are running, i.e. systemctl status apparmor.service and systemctl status auditd.service?
> Yes, I found out, auditd wasn't running. I wonder why they don't start it by default since AA needs it...

Technically, auditd isn't needed - syslog also works (but auditd has some advantages).

The problem in your case is that you had auditd running in the past. aa-genprof and aa-logprof check if /var/log/audit/audit.log exists. If yes, they read it. Otherwise they automatically fall back to /var/log/messages.

You can force aa-logprof and aa-genprof to a specific logfile by using -f /var/log/messages as parameter.

Regards,
Christian Boltz

--
You know, one really shouldn't insult people on public mailing lists, scratch them or call them animal names. But the sleepwalking certainty with which you cut away the relevant part of the log is truly impressive. So, you pot-bellied pig, consider yourself insulted and scratched ;-) [Stefan Förster in postfixbuch-users]
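
The log-selection rule described in the reply above can be checked before running aa-genprof. The following is an added example, not part of the original thread or of the AppArmor tools: it reproduces that rule, counts events for one profile in each log, and flags the case where a leftover audit.log hides the events that are in /var/log/messages. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Log lines below are constructed samples.

# pick_log AUDIT SYSLOG: the file the tools read under the rule described above.
pick_log() {
    if [ -e "$1" ]; then echo "$1"; else echo "$2"; fi
}

# count_events FILE PROFILE: AppArmor events in FILE that name PROFILE.
count_events() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -F 'apparmor="' "$1" | grep -c -F "profile=\"$2\"" || true
}

# diagnose AUDIT SYSLOG PROFILE: returns 1 when the auto-selected log has no
# events for PROFILE but the syslog file does (the situation in this thread).
diagnose() {
    chosen=$(pick_log "$1" "$2")
    have=$(count_events "$chosen" "$3")
    other=$(count_events "$2" "$3")
    if [ "$chosen" = "$1" ] && [ "$have" -eq 0 ] && [ "$other" -gt 0 ]; then
        echo "stale: $1 has 0 events for $3, $2 has $other; use -f $2"
        return 1
    fi
    echo "ok: $chosen has $have events for $3"
}

# make_sample DIR: write a constructed stale audit.log and a live messages file.
make_sample() {
    cat > "$1/audit.log" <<'EOF'
type=AVC msg=audit(1400000000.100:10): apparmor="DENIED" operation="open" profile="/usr/sbin/ntpd" name="/etc/hosts" pid=900 comm="ntpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
EOF
    cat > "$1/messages" <<'EOF'
Aug 20 06:10:01 host kernel: [ 1234.5] type=1400 audit(1408515001.1:45): apparmor="DENIED" operation="open" profile="/usr/bin/vlc" name="/home/user/.config/vlc/vlcrc" pid=1234 comm="vlc" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Aug 20 06:10:02 host kernel: [ 1235.5] type=1400 audit(1408515002.1:46): apparmor="DENIED" operation="open" profile="/usr/bin/vlc" name="/usr/share/vlc/lua/" pid=1234 comm="vlc" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
EOF
}

# Real use: pass the profile name, e.g. /usr/bin/vlc
if [ $# -ge 1 ]; then
    diagnose /var/log/audit/audit.log /var/log/messages "$1"
fi
```

Reading the system logs normally requires root; a "stale" result means the `-f /var/log/messages` option mentioned above is the way to point the tools at the events.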