Open fititnt opened 3 years ago
Interesting. Very interesting. Actually do exist a tool that automate create AppArmor profiles.
Still not as smart as an human, but for a non-expert it definely seems to do better than start witht he apparmor-profiles/example/ubuntu/usr.bin.example-allow-all
The sudo aa-genprof /workspace/bin/cryptomator.AppImage
command generated this profile
# Last Modified: Sat Nov 7 01:13:28 2020
#include <tunables/global>
/workspace/bin/cryptomator.AppImage flags=(complain) {
#include <abstractions/base>
#include <abstractions/nameservice>
capability dac_read_search,
capability sys_admin,
/dev/fuse rw,
/etc/fuse.conf r,
/proc/*/mounts r,
/tmp/.mount_cryptoMkNRmM/ r,
/tmp/.mount_cryptoMkNRmM/bin/Cryptomator Ux,
/tmp/.mount_cryptoo4xRVN/ r,
/tmp/.mount_cryptoo4xRVN/bin/Cryptomator Px,
/usr/bin/fusermount mrix,
/workspace/bin/cryptomator.AppImage mr,
}
The /tmp definitely it did not get right.
https://cryptomator.org/
An minimum viable product (MVP) of AppArmor profiles to use with Cryptomator