| View previous topic :: View next topic |
| Author |
Message |
hadadat
n00b
Joined: 16 May 2015
Posts: 16
|
 Posted: Sat Jun 24, 2017 6:12 pm Post subject: AppArmor aa-genprof fails to find include file |
 |
|
Hello,
I've recently setup AppArmor. I'm trying to use the tool aa-genprof to generate some new profiles. Whenever I run the command I get an error about an Include file missing
| Code: |
# aa-genprof /usr/bin/evince
ERROR: Include file /etc/apparmor.d/local/usr.sbin.sshd not found
|
I emerged apparmor-profiles, libapparmor and apparmor utils. Am I missing something else? |
|
| Back to top |
|
 |
hadadat
n00b
Joined: 16 May 2015
Posts: 16
|
| Posted: Sun Jun 25, 2017 8:13 am Post subject: |
|
|
I realized every file under /etc/apparmor.d/local is just comments
| Code: |
# cat /etc/apparmor.d/local/*
# Site-specific additions and overrides for 'bin.ping'
# This directory is intended to contain profile additions and overrides for
# inclusion by distributed profiles to aid in packaging AppArmor for
# distributions.
#
# The shipped profiles in /etc/apparmor.d can still be modified by an
# administrator and people should modify the shipped profile when making
# large policy changes, rather than trying to make those adjustments here.
#
# For simple access additions or the occasional deny override, adjusting them
# here can prevent the package manager of the distribution from interfering
# with local modifications. As always, new policy should be reviewed to ensure
# it is appropriate for your site.
#
# For example, if the shipped /etc/apparmor.d/usr.sbin.smbd profile has:
# #include <local/usr.sbin.smbd>
#
# then an administrator can adjust /etc/apparmor.d/local/usr.sbin.smbd to
# contain any additional paths to be allowed, such as:
#
# /var/exports/** lrwk,
#
# Keep in mind that 'deny' rules are evaluated after allow rules, so you won't
# be able to allow access to files that are explicitly denied by the shipped
# profile using this mechanism.
# Site-specific additions and overrides for 'sbin.klogd'
# Site-specific additions and overrides for 'sbin.syslogd'
# Site-specific additions and overrides for 'sbin.syslog-ng'
# Site-specific additions and overrides for 'usr.lib.apache2.mpm-prefork.apache2'
# Site-specific additions and overrides for 'usr.lib.dovecot.anvil'
# Site-specific additions and overrides for 'usr.lib.dovecot.auth'
# Site-specific additions and overrides for 'usr.lib.dovecot.config'
# Site-specific additions and overrides for 'usr.lib.dovecot.deliver'
# Site-specific additions and overrides for 'usr.lib.dovecot.dict'
# Site-specific additions and overrides for 'usr.lib.dovecot.dovecot-auth'
# Site-specific additions and overrides for 'usr.lib.dovecot.dovecot-lda'
# Site-specific additions and overrides for 'usr.lib.dovecot.imap'
# Site-specific additions and overrides for 'usr.lib.dovecot.imap-login'
# Site-specific additions and overrides for 'usr.lib.dovecot.lmtp'
# Site-specific additions and overrides for 'usr.lib.dovecot.log'
# Site-specific additions and overrides for 'usr.lib.dovecot.managesieve'
# Site-specific additions and overrides for 'usr.lib.dovecot.managesieve-login'
# Site-specific additions and overrides for 'usr.lib.dovecot.pop3'
# Site-specific additions and overrides for 'usr.lib.dovecot.pop3-login'
# Site-specific additions and overrides for 'usr.lib.dovecot.ssl-params'
# Site-specific additions and overrides for 'usr.sbin.apache2'
# Site-specific additions and overrides for 'usr.sbin.avahi-daemon'
# Site-specific additions and overrides for 'usr.sbin.dnsmasq'
# Site-specific additions and overrides for 'usr.sbin.dovecot'
# Site-specific additions and overrides for 'usr.sbin.identd'
# Site-specific additions and overrides for 'usr.sbin.mdnsd'
# Site-specific additions and overrides for 'usr.sbin.nmbd'
# Site-specific additions and overrides for 'usr.sbin.nscd'
# Site-specific additions and overrides for 'usr.sbin.ntpd'
# Site-specific additions and overrides for 'usr.sbin.smbd'
# Site-specific additions and overrides for 'usr.sbin.smbldap-useradd'
# Site-specific additions and overrides for 'usr.sbin.traceroute'
# Site-specific additions and overrides for 'usr.sbin.winbindd'
|
I figure having an empty file named /etc/apparmor.d/local/usr.sbin.sshd is all it wants.
After creating the file aa-genprof no longer fails with error.
If someone knows if this file isn't supposed to be empty please let me know. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
