Public bug reported:
Binary package hint: apparmor
Trying to use genprof to produce an apparmor profile I get empty
profiles, not containing enough to run the application.
Example:
# genprof ping
Then running ping www.google.no on another console successfully resolves
the ip and pings it.
I select S for scan and then F for finish in genprof, which produces this
output:
Profiling: /bin/ping
[(S)can system log for SubDomain events] / (F)inish
Reading log entries from /var/log/messages.
Updating AppArmor profiles in /etc/apparmor.d.
Profiling: /bin/ping
[(S)can system log for SubDomain events] / (F)inish
Setting /bin/ping to enforce mode.
Reloaded SubDomain profiles in enforce mode.
Finished generating profile for /bin/ping.
Regardless of which application I run, I then get a profile looking like this:
#include <tunables/global>
/bin/ping {
#include <abstractions/base>
}
Which isn't enough for a profile, isn't as restrictive as I'd like it, and
results in:
ping www.google.no
ping: unknown host www.google.no
** Affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
--
aa-genprof produces empty profiles
https://bugs.launchpad.net/bugs/294600
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
