Hi Casey,

I was expecting Apparmor logs for the above script when it runs in Apparmor complain mode. Do I need to update/modify to reach Apparmor LSM hooks?
Please share your inputs.

Thanks
Murali.S

On Tue, Jun 15, 2021 at 4:32 AM Murali Selvaraj <[email protected]> wrote:
>
> Hi Casey,
>
> I am trying to understand that once a DAC check passes, it will invoke
> Apparmor logs.
> I loaded this script with an empty profile in compliant mode to
> capture Apparmor logs.
>
> As mentioned, I could not see Apparmor logs. Do I need to change
> anything in the script to invoke Apparmor/LSM hooks to collect
> Apparmor logs.
>
> Thanks
> Murali.S
>
> On Tue, Jun 15, 2021 at 4:24 AM Casey Schaufler <[email protected]>
> wrote:
> >
> > On 6/14/2021 3:45 PM, Murali Selvaraj wrote:
> > > Hi All,
> > >
> > > In general, Apparmor hooks will be called after DAC check/validation.
> > > I would like to understand the theory by writing into a sample script
> > > as follows.
> > >
> > > Created an empty profile for this demo.sh in complain mode to understand
> > > what
> > > the operation has been done as part of the script.
> > >
> > > However, I could not see any apparmor logs (complaint mode logs
> > > ALLOWED) for this script profile.
> > > Can you please suggest what changes need to be done in the script in
> > > order to reach Apparmor hooks
> > > to get the Apparmor logs.
> > >
> > > Also, pls advise me on how to find when DAC would be failed/DAC given
> > > details to Apparmor hooks.
> > > Pls share any easy reference code or sample code for understanding.
> > >
> > > #!/bin/bash
> > > while [ 1 ] ; do
> > > echo -n "How Apparmor called after DAC"
> > > cat /proc/self/attr/current
> > > kill -11 1
> > > iptables --list
> > > ping 8.8.8.8
> > > sleep 60
> > > done
> >
> > What do you expect this script to do?
> >
> > >
> > > Thanks
> > > Murali.S
> > >
