fititnt / AdHocSecurebox

AdHocSecurebox is an opinionated collection of scripts/docs to deal with sensitive data with average hardware and open source software. Work in progress.
The Unlicense

MVP of AppArmor profiles for Cryptomator on Ubuntu #31

Open fititnt opened 3 years ago

fititnt commented 3 years ago

A minimum viable product (MVP) of AppArmor profiles to use with Cryptomator.

fititnt commented 3 years ago

Interesting. Very interesting. Actually, there exists a tool that automates creating AppArmor profiles.

Still not as smart as a human, but for a non-expert it definitely seems to do better than starting with the apparmor-profiles/example/ubuntu/usr.bin.example-allow-all

The sudo aa-genprof /workspace/bin/cryptomator.AppImage command generated this profile:

# Last Modified: Sat Nov  7 01:13:28 2020
#include <tunables/global>

/workspace/bin/cryptomator.AppImage flags=(complain) {
  #include <abstractions/base>
  #include <abstractions/nameservice>

  capability dac_read_search,
  capability sys_admin,

  /dev/fuse rw,
  /etc/fuse.conf r,
  /proc/*/mounts r,
  /tmp/.mount_cryptoMkNRmM/ r,
  /tmp/.mount_cryptoMkNRmM/bin/Cryptomator Ux,
  /tmp/.mount_cryptoo4xRVN/ r,
  /tmp/.mount_cryptoo4xRVN/bin/Cryptomator Px,
  /usr/bin/fusermount mrix,
  /workspace/bin/cryptomator.AppImage mr,

}

It definitely did not get the /tmp part right.
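Added example, not part of the issue or the AdHocSecurebox repository: a small review script for the generated profile above. It flags complain mode and unconfined exec rules, and collapses the two literal `/tmp/.mount_crypto…` directories into one candidate glob. It assumes the part of the directory name that differs between the two recorded runs is a same-length per-run suffix; the function name `lint` and the finding wording are made up for this sketch.

```python
import os
import re

# Rules copied from the aa-genprof output in the issue, trimmed to what is checked.
PROFILE = """\
/workspace/bin/cryptomator.AppImage flags=(complain) {
  capability sys_admin,
  /dev/fuse rw,
  /tmp/.mount_cryptoMkNRmM/ r,
  /tmp/.mount_cryptoMkNRmM/bin/Cryptomator Ux,
  /tmp/.mount_cryptoo4xRVN/ r,
  /tmp/.mount_cryptoo4xRVN/bin/Cryptomator Px,
  /usr/bin/fusermount mrix,
}
"""
RULE = re.compile(r"^\s*(/\S+)\s+([A-Za-z]+),\s*$")   # "<path> <perms>,"
MOUNT = re.compile(r"^/tmp/\.mount_([^/]+)(/.*)?$")    # mount dir recorded per run


def lint(profile):
    """Return (findings, merged) where merged maps globbed path -> observed perms."""
    findings, rules = [], []
    if re.search(r"flags=\([^)]*\bcomplain\b", profile):
        findings.append("complain mode: violations are logged, not blocked")
    for line in profile.splitlines():
        m = RULE.match(line)
        if m:
            rules.append(m.groups())
    for path, perms in rules:
        if "ux" in perms.lower():                      # ux, Ux, pux, Cux ...
            findings.append(f"unconfined exec ({perms}): {path}")
    names = sorted({MOUNT.match(p).group(1) for p, _ in rules if MOUNT.match(p)})
    merged = {}
    if names:
        # Keep what all observed names share; replace the rest with '?' (one char, never '/').
        prefix = os.path.commonprefix(names)
        glob = "/tmp/.mount_" + prefix + "?" * (len(names[0]) - len(prefix))
        findings.append(f"{len(names)} literal per-run mount dirs; candidate glob {glob}")
        for path, perms in rules:
            mm = MOUNT.match(path)
            if mm:
                merged.setdefault(glob + (mm.group(2) or ""), []).append(perms)
        for path, perms in merged.items():
            if len(set(perms)) > 1:
                findings.append(f"conflicting modes after merge for {path}: {sorted(set(perms))}")
    return findings, merged

if __name__ == "__main__":
    print("\n".join(lint(PROFILE)[0]))
```

Merging the two directories also shows that the same binary was recorded once as `Ux` and once as `Px`, so a reviewer has to choose a single exec mode before loading the profile.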