Q: How to associate an apparmor profile with a listed binary in a framework?

Jon Seymour jon at ninjablocks.com
Sun Mar 22 09:36:59 UTC 2015


What I ended up doing was changing this:

binaries:
  - name: ./bin/my-binary
    apparmor-profile: meta/my-binary.profile

to this:

binaries:
  - name: ./bin/my-binary
integration:
  - name: ./bin/my-binary
    apparmor-profile: meta/my-binary.profile

And this then did do the expected thing.

I think increasing the version number usually isn't necessary if you do:
sudo aa-profile-hook -f (in cases where .profiles are used) and sudo
aa-clickhook (in cases where .apparmor files are used). This is from the "Helpful
debugging commands" section of
https://wiki.ubuntu.com/SecurityTeam/Specifications/SnappyConfinement?action=recall&rev=21

jon.


On Sun, Mar 22, 2015 at 8:24 PM, Gábor Paller <gaborpaller at gmail.com> wrote:

> have you tried to increase the version in your package?
>
> regards,
> gabor
> On 22 Mar 2015 07:37, "Jon Seymour" <jon at ninjablocks.com> wrote:
>
>> I am trying to extend the permissions associated with a binary that is
>> listed in the package.yaml directory of my framework. I modelled the
>> approach on the way profiles are associated with services and so the
>> package.yaml snippet looks like:
>>
>> binaries:
>>   - name: ./bin/my-binary
>>     apparmor-profile: meta/my-binary.profile
>>
>> I then repackage the framework with the snappy tool and install it
>> remotely, then I re-run sudo aa-clickhook -f and sudo aa-profilehook -f.
>>
>> However, the resulting apparmor profile in:
>>
>>
>> /var/lib/apparmor/profiles/click_{my-framework}_{my-binary}_{my-framework-version}
>>
>> is just the default profile, rather than the one I specified in
>> meta/my-binary.profile.
>>
>> What am I doing wrong? What do I need to change?
>>
>> jon.