On 6/14/21 4:02 PM, Murali Selvaraj wrote:
> Hi Casey,
>
> I am trying to understand that once a DAC check passes, it will invoke
> Apparmor logs.

This isn't true for every hook, especially with the security_path_ hooks.
In general I prefer to say that both DAC and MAC will get called, as the
ordering isn't always DAC then MAC.

> I loaded this script with an empty profile in compliant mode to
> capture Apparmor logs.
>

Is the profile attached to the task? Can you provide the output of
ps -Z for the script, or put into the script

  cat /proc/self/attr/current

Also, how did you put the profile into complain mode, and how did you
load it into the kernel?

> As mentioned, I could not see Apparmor logs. Do I need to change
> anything in the script to invoke Apparmor/LSM hooks to collect
> Apparmor logs.
>

Quite possibly. My guess is the profile is not attaching to the script
and we need to determine why. You could also potentially try launching
the script with

  aa-exec -dp your_profile -- your_script
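
The attachment check requested in the reply above, as an added example that is not part of the original message: a POSIX shell helper that interprets the label read from `/proc/<pid>/attr/current`. It assumes the AppArmor label format `unconfined` or `<profile> (<mode>)`; the function names and sample labels are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): interpret an AppArmor confinement label.
# Assumed label format: "unconfined" or "<profile name> (<mode>)".

# parse_label LABEL -> prints "<mode> <profile>"; mode is "unconfined",
# the parenthesized mode (e.g. complain, enforce), or "unknown".
parse_label() {
    label=$1
    case $label in
        unconfined)
            echo "unconfined -" ;;
        *" ("*")")
            mode=${label##*" ("}     # text after the last " ("
            mode=${mode%")"}         # drop the closing parenthesis
            profile=${label%" ("*}   # text before the last " ("
            echo "$mode $profile" ;;
        *)
            echo "unknown $label" ;;
    esac
}

# explain LABEL -> one-line diagnosis for the "no AppArmor logs" symptom.
explain() {
    parsed=$(parse_label "$1")
    mode=${parsed%% *}
    profile=${parsed#* }
    case $mode in
        unconfined) echo "unconfined: no profile is attached to this task" ;;
        complain)   echo "profile '$profile' attached in complain mode: violations are logged, not blocked" ;;
        enforce)    echo "profile '$profile' attached in enforce mode: violations are blocked and logged" ;;
        unknown)    echo "unrecognized label: $1" ;;
        *)          echo "profile '$profile' attached in $mode mode" ;;
    esac
}

# Label of the running shell; stays empty when the file is missing or unreadable.
self_label=""
if [ -r "/proc/$$/attr/current" ]; then
    read -r self_label < "/proc/$$/attr/current" 2>/dev/null || true
fi
echo "this shell: $(explain "${self_label:-unreadable}")"
```

Sourcing this at the top of the script under test shows whether the profile attached before looking for log entries.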
