For some time I've been using the following snipped to create new profiles:
------------------------
include <tunables/global>
@{exec_path} = /usr/bin/keepassxc
profile keepassxc @{exec_path} {
#include <abstractions/base>
@{exec_path} mr,
}
------------------------
The path of course changes as well as the profile name.
This was working fine for some time, and now it also works
without problems:
# aa-status| grep keepassx
keepassxc
...
/usr/bin/keepassxc (2732) keepassxc
So AppArmor is able to match the profile to whatever is in
the @{exec_path} variable. All of my profiles look like
this.
When I wanted to use some AppArmor tools, for instance
"aa-complain", I get the following error:
# aa-complain usr.bin.keepassxc
ERROR: Profile for @{exec_path} exists in /etc/apparmor.d/some-app and
/etc/apparmor.d/some-other-app
I think the error started to show after upgrading apparmor
package from 2.13.1 to 2.13.2 .
Should this happen? Should I avoid using the code
snipped to make profiles and use regular paths instead?
signature.asc
Description: OpenPGP digital signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
