On 1/18/21 5:52 AM, Jaehyun Nam wrote:
> Hello Sylvain,
> 
> This is the profile that I tried to apply
> 
> abi <abi/3.0>,
> 
> #include <tunables/global>
> 
> profile test /home/namjh/apparmor-test/apparmor-bash/bash {
>   #include <abstractions/base>
>   #include <abstractions/bash>
>   #include <abstractions/consoles>
> 
>   #deny /bin/touch x,
>   deny /bin/sleep x,
> 
>   #deny network tcp dst 172.16.99.106,
>   #deny network tcp dst 172.16.99.106:80,
>   #deny network tcp src 172.16.99.105 dst 172.16.99.106,
>   deny network tcp src 172.16.99.105:* dst 172.16.99.106:80,
> }
> 
> When I commented out all network rules, it worked fine.
> However, once I enabled each of the network rules, I got this error message.
> 
> AppArmor parser error for /etc/apparmor.d/apparmor-bash-profile in profile 
> /etc/apparmor.d/apparmor-bash-profile at line 16: syntax error, unexpected 
> TOK_ID, expecting TOK_END_OF_RULE
> 

Unfortunately, fine-grained network (address-based mediation) for network rules 
did not make it into the apparmor 3.0 release so this is unsupported atm. And 
yes the reference manual needs some serious revisions.



-- 
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor
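
A pre-load check for the situation described in this thread, added here as an example and not code from the AppArmor project or from either poster: it scans profile text for active network rules that carry the `src`/`dst` address conditions the 3.0 parser rejects. The function name, the sample profile path and the "coarse" fallback (the rule cut off before the first address keyword, which matches far more traffic than the original) are assumptions of this example.

```python
import re

# Address keywords seen in the rules quoted in the thread; not a full grammar.
ADDRESS_KEYWORDS = ("src", "dst")

# Optional qualifiers, the word "network", then everything up to the rule's comma.
NETWORK_RULE = re.compile(r"^\s*((?:(?:audit|deny|allow)\s+)*)network\b([^,]*),")

# Constructed sample modelled on the profile in the thread (path is a placeholder).
SAMPLE = """\
profile test /usr/local/bin/example {
  deny /bin/sleep x,
  #deny network tcp dst 172.16.99.106,
  deny network tcp src 172.16.99.105:* dst 172.16.99.106:80,
  network inet udp,
}
"""

def find_address_rules(profile_text):
    """Return (line_no, rule, keyword, coarse_rule) for every active network
    rule that contains an address-based condition."""
    findings = []
    for line_no, line in enumerate(profile_text.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith("#"):       # commented-out rule or #include
            continue
        m = NETWORK_RULE.match(line)
        if not m:
            continue
        qualifiers, tokens = m.group(1).split(), m.group(2).split()
        hit = next((t for t in tokens if t in ADDRESS_KEYWORDS), None)
        if hit is None:                    # plain family/type rule, nothing to flag
            continue
        # Keep only the tokens before the first address keyword. The result is
        # broader than the original rule; accepting it is a policy decision.
        kept = tokens[:tokens.index(hit)]
        coarse = " ".join(qualifiers + ["network"] + kept) + ","
        findings.append((line_no, stripped, hit, coarse))
    return findings

if __name__ == "__main__":
    for line_no, rule, keyword, coarse in find_address_rules(SAMPLE):
        print(f"line {line_no}: '{keyword}' condition not supported: {rule}")
        print(f"  broader rule without address conditions: {coarse}")
```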