Re: Apparmor: 1 processes are unconfined but have a profile defined

To: debian-user@lists.debian.org
Subject: Re: Apparmor: 1 processes are unconfined but have a profile defined
From: didier gaumet <didier.gaumet@gmail.com>
Date: Fri, 30 Jul 2021 05:18:23 -0700 (PDT)
Message-id: <[🔎] 2330f16a-dfeb-46b5-9ff6-036bd4085c13n@googlegroups.com>
In-reply-to: <CGxMt-2W5-5@gated-at.bofh.it>
References: <[🔎] CAMhqiMraK-5ZBCH6vCgRjcMNrkT9e7yHN7pF72ML_ipvLZPO2A@mail.gmail.com>

Hello,

Disclaimer: I never wrote an AppArmor profile

>From what I understand, unless you specify a deny rule, when you switch an AppArmor profile to complain mode, it complains but does not confine, so you would probably switch your AppArmor profile to enforce mode instead.

And I suspect that on a default Debian installation (Systemd instead of SysVinit), restarting unit or relading configuration by a /etc/init.d command instead of systemctl might have undesired effects.

https://wiki.debian.org/AppArmor/HowToUse
https://linuxhint.com/apparmor-profiles-ubuntu/

Reply to:

References:
- Apparmor: 1 processes are unconfined but have a profile defined
  - From: Ratan Gupta <ratankgupta31@gmail.com>

Prev by Date: Re: what binds to port
Next by Date: Re: what binds to port
Previous by thread: Apparmor: 1 processes are unconfined but have a profile defined
Next by thread: what binds to port
Index(es):
- Date
- Thread