[apparmor] Apparmor profile enforce issue, when changing from root to non-root
swarna latha
sswarnas at gmail.com
Tue Sep 1 02:34:46 UTC 2020
Hi Seth,
I am getting the complete set of libraries used by my process with status=
AUDIT, right from /etc/ld.so.cache. It looks to me as though the profile is
not applied, though i have rules allowing the /etc/ld.so cache access.
As i have these file entries in my profile, i am not getting
ALLOWED/DENIED, hence not able to regenerate the profile with these events.
Thanks,
Swarna
On Mon, Aug 31, 2020 at 9:20 PM Seth Arnold <seth.arnold at canonical.com>
wrote:
> On Mon, Aug 31, 2020 at 08:25:26PM -0400, swarna latha wrote:
> > For non-root mode, tried to add the capabilities manually, all the 36
> > capabilities it did not work. But if i add the capability, (which is to
> > grant all capabilities, the last one highlighted below) the process
> starts.
>
> What messages do you get in dmesg or audit logs when you run your service
> without the 'capability,' line?
>
> Thanks
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20200831/aed82fab/attachment.html>
More information about the AppArmor
mailing list