I've been trying to learn how to make my own AppArmor profiles, but I just can't seem to make it work. I have tried to make profiles for the Deluge and Transmission bittorrent clients using the aa-genprof tool from the apparmor-utils package. Below is an attempt with Transmission.
Code:
cgt@dpc4:~$ sudo aa-genprof transmission-gtk
[sudo] password for cgt:
Writing updated profile for /usr/bin/transmission-gtk.
Setting /usr/bin/transmission-gtk to complain mode.
Before you begin, you may wish to check if a
profile already exists for the application you
wish to confine. See the following wiki page for
more information:
http://wiki.apparmor.net/index.php/Profiles
Please start the application to be profiled in
another window and exercise its functionality now.
Once completed, select the "Scan" option below in
order to scan the system logs for AppArmor events.
For each AppArmor event, you will be given the
opportunity to choose whether the access should be
allowed or denied.
Profiling: /usr/bin/transmission-gtk
[(S)can system log for AppArmor events] / (F)inish
Reading log entries from /var/log/syslog.
Updating AppArmor profiles in /etc/apparmor.d.
Profiling: /usr/bin/transmission-gtk
[(S)can system log for AppArmor events] / (F)inish
Reading log entries from /var/log/syslog.
Profiling: /usr/bin/transmission-gtk
[(S)can system log for AppArmor events] / (F)inish
Setting /usr/bin/transmission-gtk to enforce mode.
Reloaded AppArmor profiles in enforce mode.
Please consider contributing your new profile!
See the following wiki page for more information:
http://wiki.apparmor.net/index.php/Profiles
Finished generating profile for /usr/bin/transmission-gtk.
After starting aa-genprof (as shown above) I started Transmission and “exercised” it. I tried pressing S a couple of times in the terminal window in which aa-genprof was running to scan the syslog for AppArmor events, but it didn't seem to do anything. aa-genprof generated the following useless profile:
Code:
# Last Modified: Sun Feb 15 21:23:43 2015
#include <tunables/global>
/usr/bin/transmission-gtk {
  #include <abstractions/base>

  /usr/bin/transmission-gtk mr,
}
I had some torrents running in Transmission and it binds on a port, so I would think that it would generate some AppArmor events for me to allow or deny, but apparently not. Am I doing something wrong? I am running Xubuntu 14.10.
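What aa-genprof does behind the "(S)can" prompt is read the kernel audit lines (type=1400, `apparmor="ALLOW"` while the profile is in complain mode) out of /var/log/syslog and turn them into candidate rules; an empty profile like the one above means it found none for that profile, so a useful first check is to read the log yourself. The script below is an added example (not part of the original post and not the apparmor-utils code) that parses a constructed set of syslog lines in that format, keeps only the events for the profile of interest, merges the requested masks per path, adds the `owner` qualifier where the file is owned by the accessing user, and renders a draft profile. The hostname, pids and paths in the sample are made up.

```python
import re
from collections import defaultdict

# Constructed sample: the shape of the kernel's audit lines in /var/log/syslog
# while /usr/bin/transmission-gtk is in complain mode. Not from the original
# post; hostname, timestamps, pids and paths are invented for the example.
SAMPLE_SYSLOG = """\
Feb 15 21:19:58 dpc4 kernel: [ 2031.1] audit: type=1400 audit(1424031598.101:40): apparmor="STATUS" operation="profile_replace" name="/usr/bin/transmission-gtk" pid=4000 comm="apparmor_parser"
Feb 15 21:20:01 dpc4 kernel: [ 2034.2] audit: type=1400 audit(1424031601.123:41): apparmor="ALLOW" operation="open" profile="/usr/bin/transmission-gtk" name="/home/cgt/.config/transmission/settings.json" pid=4123 comm="transmission-gt" requested_mask="r" fsuid=1000 ouid=1000
Feb 15 21:20:01 dpc4 kernel: [ 2034.3] audit: type=1400 audit(1424031601.456:42): apparmor="ALLOW" operation="open" profile="/usr/bin/transmission-gtk" name="/home/cgt/.config/transmission/settings.json" pid=4123 comm="transmission-gt" requested_mask="wc" fsuid=1000 ouid=1000
Feb 15 21:20:02 dpc4 kernel: [ 2035.4] audit: type=1400 audit(1424031602.789:43): apparmor="ALLOW" operation="create" profile="/usr/bin/transmission-gtk" pid=4123 comm="transmission-gt" family="inet" sock_type="stream" protocol=6 requested_mask="create"
Feb 15 21:20:03 dpc4 kernel: [ 2036.5] audit: type=1400 audit(1424031603.012:44): apparmor="ALLOW" operation="create" profile="/usr/bin/transmission-gtk" pid=4123 comm="transmission-gt" family="inet6" sock_type="dgram" protocol=17 requested_mask="create"
Feb 15 21:20:04 dpc4 kernel: [ 2037.6] audit: type=1400 audit(1424031604.345:45): apparmor="ALLOW" operation="open" profile="/usr/bin/transmission-gtk" name="/usr/share/icons/hicolor/index.theme" pid=4123 comm="transmission-gt" requested_mask="r" fsuid=1000 ouid=0
Feb 15 21:20:05 dpc4 kernel: [ 2038.7] audit: type=1400 audit(1424031605.678:46): apparmor="ALLOW" operation="open" profile="/usr/bin/firefox" name="/home/cgt/.mozilla/prefs.js" pid=4200 comm="firefox" requested_mask="r" fsuid=1000 ouid=1000
"""

# key=value pairs; values are either double-quoted strings or bare tokens.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Canonical order for the file permission letters in a rendered rule.
MASK_ORDER = "mrwkl"


def normalize_mask(letters):
    """Collapse raw requested_mask letters into AppArmor file permissions.
    'c' (create) and 'a' (append) are covered by 'w' in a file rule."""
    perms = set()
    for ch in letters:
        if ch in "ca":
            perms.add("w")
        elif ch in MASK_ORDER:
            perms.add(ch)
    return "".join(p for p in MASK_ORDER if p in perms)


def parse_events(text):
    """Return one dict per AppArmor audit line, skipping profile load notices."""
    events = []
    for line in text.splitlines():
        if 'apparmor="' not in line:
            continue
        ev = {k: v.strip('"') for k, v in KV_RE.findall(line)}
        if ev.get("apparmor") == "STATUS":
            continue  # profile_load / profile_replace carry no access data
        events.append(ev)
    return events


def draft_rules(events, profile):
    """Group the events belonging to `profile` into file and network rules."""
    files = defaultdict(set)
    network = set()
    for ev in events:
        if ev.get("profile") != profile:
            continue  # events from other confined programs are irrelevant
        if "family" in ev:
            network.add((ev["family"], ev.get("sock_type", "")))
        elif "name" in ev:
            # File owned by the accessing user: the 'owner' qualifier keeps the
            # rule from also granting access to other users' files there.
            owner = ev.get("ouid") is not None and ev.get("ouid") == ev.get("fsuid")
            files[(owner, ev["name"])].update(ev.get("requested_mask", ""))
    return {
        "files": {k: normalize_mask(v) for k, v in files.items()},
        "network": network,
    }


def render_profile(profile, rules):
    """Render a profile in the same layout aa-genprof writes."""
    lines = [
        "#include <tunables/global>",
        "",
        f"{profile} {{",
        "  #include <abstractions/base>",
        "",
        f"  {profile} mr,",
    ]
    for (owner, path), mask in sorted(rules["files"].items(), key=lambda kv: kv[0][1]):
        prefix = "owner " if owner else ""
        lines.append(f"  {prefix}{path} {mask},")
    if rules["network"]:
        lines.append("")
        for family, sock_type in sorted(rules["network"]):
            lines.append(f"  network {family} {sock_type},")
    lines.append("}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    target = "/usr/bin/transmission-gtk"
    print(render_profile(target, draft_rules(parse_events(SAMPLE_SYSLOG), target)))
```

If the equivalent of `grep 'apparmor="' /var/log/syslog` on the real system returns nothing at all after exercising the program, the kernel never recorded any events for it, which points at the program not having been started under the complain-mode profile (the profile only applies to processes executed after it is loaded) or at the audit messages going somewhere other than /var/log/syslog, rather than at aa-genprof itself.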