Hi Casey,

I am trying to understand that once a DAC check passes, it will invoke AppArmor logs. I loaded this script with an empty profile in complain mode to capture AppArmor logs.
As mentioned, I could not see AppArmor logs. Do I need to change anything in the script to invoke AppArmor/LSM hooks to collect AppArmor logs?

Thanks
Murali.S

On Tue, Jun 15, 2021 at 4:24 AM Casey Schaufler <[email protected]> wrote:
>
> On 6/14/2021 3:45 PM, Murali Selvaraj wrote:
> > Hi All,
> >
> > In general, AppArmor hooks will be called after DAC check/validation.
> > I would like to understand the theory by writing into a sample script
> > as follows.
> >
> > Created an empty profile for this demo.sh in complain mode to understand
> > what the operation has been done as part of the script.
> >
> > However, I could not see any AppArmor logs (complain mode logs
> > ALLOWED) for this script profile.
> > Can you please suggest what changes need to be done in the script in
> > order to reach AppArmor hooks
> > to get the AppArmor logs.
> >
> > Also, pls advise me on how to find when DAC would be failed/DAC given
> > details to AppArmor hooks.
> > Pls share any easy reference code or sample code for understanding.
> >
> > #!/bin/bash
> > while [ 1 ] ; do
> >     echo -n "How Apparmor called after DAC"
> >     cat /proc/self/attr/current
> >     kill -11 1
> >     iptables --list
> >     ping 8.8.8.8
> >     sleep 60
> > done
>
> What do you expect this script to do?
>
> >
> > Thanks
> > Murali.S
> >

--
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
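The two checks this thread turns on, as an added example that is not part of the original messages: whether the label read from `/proc/<pid>/attr/current` shows the process confined in complain mode, and whether any `ALLOWED` audit records exist for that profile. The profile name `/home/demo/demo.sh`, the helper names and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: helper names and sample data are constructed, not from the thread.

# Parse the label format of /proc/<pid>/attr/current, which is either
# "unconfined" or "<profile name> (<mode>)".
# Prints "<mode> <profile>" for a confined task, "unconfined" otherwise.
confinement_of() {
    case $1 in
        *" ("*")")
            mode=${1##*" ("}        # drop everything up to the last " ("
            mode=${mode%")"}        # drop the closing parenthesis
            profile=${1%" ("*}      # drop the trailing " (<mode>)"
            printf '%s %s\n' "$mode" "$profile" ;;
        *)
            printf 'unconfined\n' ;;
    esac
}

# Read kernel audit lines on stdin and print the operation of every
# complain-mode (apparmor="ALLOWED") record that belongs to profile $1.
complain_events() {
    grep -F 'apparmor="ALLOWED"' |
        grep -F "profile=\"$1\"" |
        sed -n 's/.*operation="\([^"]*\)".*/\1/p'
}

# Constructed sample records in the kernel's type=1400 AppArmor audit format.
SAMPLE_LOG='audit: type=1400 audit(1623715440.101:51): apparmor="ALLOWED" operation="exec" profile="/home/demo/demo.sh" name="/usr/bin/cat" pid=4242 comm="demo.sh" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
audit: type=1400 audit(1623715440.115:52): apparmor="ALLOWED" operation="open" profile="/home/demo/demo.sh" name="/proc/4242/attr/current" pid=4242 comm="cat" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
audit: type=1400 audit(1623715440.300:53): apparmor="DENIED" operation="open" profile="/usr/sbin/other" name="/etc/shadow" pid=500 comm="other" requested_mask="r" denied_mask="r" fsuid=0 ouid=0'

# On a live system the inputs would come from, for example:
#   confinement_of "$(cat /proc/<pid>/attr/current)"
#   dmesg | complain_events <profile name>
printf '%s\n' "$SAMPLE_LOG" | complain_events /home/demo/demo.sh
```

If `confinement_of` reports `unconfined` for the running script, no AppArmor records for its profile will appear, whatever the script does.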
