Closed robertmin2 closed 2 months ago
AppArmor is a Mandatory Access Control (MAC) system which confines programs to a limited set of resources. AppArmor confinement is provided via profiles loaded into the kernel.
To load/add a profile you need to copy the profile to /etc/apparmor.d
e.g for our case sudo cp -R -L profiles/* /etc/apparmor.d
I can add a Readme
, but I wanted to get intial feedback first
More info : https://ubuntu.com/tutorials/beginning-apparmor-profile-development#1-overview
I see. Thanks.
Is this something that an "upstream" project should provide (e.g. are these files Linux distribution agnostic)? Do you perhaps have examples of other projects that do so?
In general I have no problem with including something like this. It should probably go into a more descriptively named folder, e.g. contrib/apparmor/
.
Debian, Ubuntu & OpenSUSE derivatives, come preconfigured with AppArmor as the default, so it should be ready to use for these It appears that Monero was in the process of adding one, but didn't complete it Also, mysql does provide a profile
To load/add a profile you need to copy the profile to /etc/apparmor.d e.g for our case sudo cp -R -L profiles/* /etc/apparmor.d I can add a Readme, but I wanted to get intial feedback first
Could you add a short readme file (in same folder) saying what this is and how to use/test it?
Alright! Added the Readme
Looks good. Thanks.
Thank you for the quick feedback. I'll continue testing the profiles on various OSs in the coming weeks
Could you please provide some context what this is, and how it is supposed to be used?