[apparmor] Solutions for scripting files, e.g perl python
Christian Boltz
apparmor at cboltz.de
Tue Jan 14 20:47:54 UTC 2014
Hello,
On Tuesday, 14 January 2014, Kshitij Gupta wrote:
> On Jan 14, 2014 11:54 AM, "Aaron Lewis" wrote:
> > It looks like one cannot create a profile for a script, e.g. perl or
> > python
> >
> > Am I wrong?
> >
> > I don't want a single profile for all scripts that run by the same
> > interpreter
> The above works when the script is run as an executable. Though it
> didn't work for me when used via idle or using python (my naive guess
> would be because child profiles were not used by python/idle)
>
> More experienced members can shed more light on the matter.

Correct - the profile /path/to/script is used if the script is
executable and you call it as a standalone command ("./script" or just
"script" if it's in $PATH).

If you call the script with "python script", then the /path/to/script
profile is not used - in this case, AppArmor only looks for a profile
for "python".

Another option is to run
    aa-exec -p /path/to/script python /path/to/script
(note: I never tested aa-exec ;-)

For additional complexity, load the libapparmor bindings in your script
and call change_profile - but chmod +x is much easier ;-)

Regards,
Christian Boltz
--
The manual said the program requires Windows 95 or better,
so I installed Linux.
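
Added example, not part of the original message or of the AppArmor project's code: a startup check a Python script can use to confirm it is confined by its own /path/to/script profile, which catches the "python script" launch described above. It reads /proc/self/attr/current, assuming AppArmor is the LSM reporting there; the function names and sample labels are constructed for illustration.

```python
import os
import sys

ATTR_CURRENT = "/proc/self/attr/current"  # kernel file holding this process's label


def parse_label(raw):
    """Split a label such as '/path/to/script (enforce)' into (profile, mode).

    An unconfined process reports just 'unconfined', with no mode suffix.
    """
    text = raw.replace("\x00", "").strip()
    if text.endswith(")") and " (" in text:
        profile, _, mode = text[:-1].rpartition(" (")
        return profile, mode
    return text, None


def current_confinement(path=ATTR_CURRENT):
    """Return (profile, mode), or (None, None) if the label cannot be read."""
    try:
        with open(path, "r") as fh:
            return parse_label(fh.read())
    except OSError:
        return None, None  # AppArmor not enabled, or /proc not available


def confined_by(expected, label, require_enforce=True):
    """True only if the label names the expected profile (and is enforcing)."""
    profile, mode = label
    if profile != expected:
        return False
    return mode == "enforce" or not require_enforce


if __name__ == "__main__":
    # Assumption: the profile is named after the script's own path, as in
    # the thread. Started as "python script", the label is not this
    # script's profile, so the check fails and the script stops.
    expected = os.path.realpath(sys.argv[0])
    label = current_confinement()
    if not confined_by(expected, label):
        sys.exit("refusing to run: label is %r, expected %r" % (label[0], expected))
    print("confined by %s (%s)" % label)
```

The same label can be read for any other process from /proc/<pid>/attr/current when checking which profile a running script actually received.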