Thanks a lot for clarifying this, Seth.
From: Seth Arnold
Sent: 23 August 2019 05:48:52
To: Abhishek Vijeev
Cc: apparmor@lists.ubuntu.com ; Rakesh Rajan Beck
Subject: Re: [apparmor] Help with AppArmor Full System Policy
On Wed, Aug 21, 2019 at 06:10:30AM
On Wed, Aug 21, 2019 at 06:10:30AM +, Abhishek Vijeev wrote:
> profile init-systemd /lib/systemd/** flags=(complain) {
> /usr/bin/colord/** cx -> colord_profile,
> profile colord_profile flags=(complain) {
> }
> }
> However the dmesg audit logs show the profile name for colord-sane
Hi,
We have successfully confined init according to documentation on this page:
https://gitlab.com/apparmor/apparmor/wikis/FullSystemPolicy, and verified that
it is working with the help of ps -auxZ.
Currently, we are trying to confine system daemons/services. But sometimes the
confinement