[apparmor] Generating the profile cache on a different machine

John Johansen john.johansen at canonical.com
Thu Apr 2 16:43:11 UTC 2020


On 4/2/20 7:53 AM, Alberto Mardegan wrote:
> Hi,
> 
> On 02/04/20 16:48, intrigeri wrote:
>> At Tails we do ship a binary, compiled policy in our live system:
>>
>>   https://salsa.debian.org/tails-team/tails/-/blob/master/config/chroot_local-hooks/99-cache-AppArmor-policy
>>   https://salsa.debian.org/tails-team/tails/-/blob/master/config/chroot_local-hooks/01-check-for-outdated-AppArmor-feature-set
> 
> A couple of questions:
> 
> 1) where is apparmor_parser being run? Is it a chroot?
> 
I am not sure how intrigeri is running it, but it doesn't need to be done in a chroot.

> 2) your scripts are checking the features in
> /usr/share/apparmor-features; I don't have this directory in this
> machine; what is it?
> 

It's a copy of the features file from a cache. So /var/cache/apparmor/.features or /etc/apparmor.d/cache/.features


