[apparmor] Questions about AppArmor's Code

Abhishek Vijeev abhishekvijeev at iisc.ac.in
Wed Jun 12 12:32:53 UTC 2019


Hi,

I have a few questions about AppArmor's code and would be grateful if you could kindly answer them.

1) The documentation at this link https://gitlab.com/apparmor/apparmor/wikis/AppArmor_Core_Policy_Reference#address-expr mentions the possibility of specifying a network rule as "network tcp src 192.168.1.1:80 dst 170.1.1.0:80". However, this doesn't work, and after a little digging, I found out that the production rules for this policy were available only in the grammar specification of AppArmor 2.1 (line number 670 of https://gitlab.com/apparmor/apparmor/blob/apparmor-2.1/parser/parser_yacc.y ). I find this extremely useful, and am considering trying to add this to AppArmor as part of a larger project. Could you kindly clarify the reason for its removal? Were there any hurdles that made it difficult to accomplish this?

2) At what stage during the kernel boot process does AppArmor load the profiles? And from where does it obtain them? (Am I correct in understanding that the profiles are stored in /sys/kernel/security/apparmor/policy?)

3) Why does the function 'aa_alloc_profile()' allocate extra memory? It seems to be allocating memory for 3 objects of type 'struct aa_profile' (line number 262 of https://github.com/torvalds/linux/blob/master/security/apparmor/policy.c ).

Thank you,
Abhishek.
