Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
AppArmor aa-genprof fails to find include file
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
hadadat
n00b
n00b


Joined: 16 May 2015
Posts: 16

PostPosted: Sat Jun 24, 2017 6:12 pm    Post subject: AppArmor aa-genprof fails to find include file Reply with quote

Hello,

I've recently setup AppArmor. I'm trying to use the tool aa-genprof to generate some new profiles. Whenever I run the command I get an error about an Include file missing

Code:

# aa-genprof /usr/bin/evince

ERROR: Include file /etc/apparmor.d/local/usr.sbin.sshd not found


I emerged apparmor-profiles, libapparmor and apparmor utils. Am I missing something else?
Back to top
View user's profile Send private message
hadadat
n00b
n00b


Joined: 16 May 2015
Posts: 16

PostPosted: Sun Jun 25, 2017 8:13 am    Post subject: Reply with quote

I realized every file under /etc/apparmor.d/local is just comments

Code:

# cat /etc/apparmor.d/local/*
# Site-specific additions and overrides for 'bin.ping'
# This directory is intended to contain profile additions and overrides for
# inclusion by distributed profiles to aid in packaging AppArmor for
# distributions.
#
# The shipped profiles in /etc/apparmor.d can still be modified by an
# administrator and people should modify the shipped profile when making
# large policy changes, rather than trying to make those adjustments here.
#
# For simple access additions or the occasional deny override, adjusting them
# here can prevent the package manager of the distribution from interfering
# with local modifications. As always, new policy should be reviewed to ensure
# it is appropriate for your site.
#
# For example, if the shipped /etc/apparmor.d/usr.sbin.smbd profile has:
#   #include <local/usr.sbin.smbd>
#
# then an administrator can adjust /etc/apparmor.d/local/usr.sbin.smbd to
# contain any additional paths to be allowed, such as:
#
#   /var/exports/** lrwk,
#
# Keep in mind that 'deny' rules are evaluated after allow rules, so you won't
# be able to allow access to files that are explicitly denied by the shipped
# profile using this mechanism.
# Site-specific additions and overrides for 'sbin.klogd'
# Site-specific additions and overrides for 'sbin.syslogd'
# Site-specific additions and overrides for 'sbin.syslog-ng'
# Site-specific additions and overrides for 'usr.lib.apache2.mpm-prefork.apache2'
# Site-specific additions and overrides for 'usr.lib.dovecot.anvil'
# Site-specific additions and overrides for 'usr.lib.dovecot.auth'
# Site-specific additions and overrides for 'usr.lib.dovecot.config'
# Site-specific additions and overrides for 'usr.lib.dovecot.deliver'
# Site-specific additions and overrides for 'usr.lib.dovecot.dict'
# Site-specific additions and overrides for 'usr.lib.dovecot.dovecot-auth'
# Site-specific additions and overrides for 'usr.lib.dovecot.dovecot-lda'
# Site-specific additions and overrides for 'usr.lib.dovecot.imap'
# Site-specific additions and overrides for 'usr.lib.dovecot.imap-login'
# Site-specific additions and overrides for 'usr.lib.dovecot.lmtp'
# Site-specific additions and overrides for 'usr.lib.dovecot.log'
# Site-specific additions and overrides for 'usr.lib.dovecot.managesieve'
# Site-specific additions and overrides for 'usr.lib.dovecot.managesieve-login'
# Site-specific additions and overrides for 'usr.lib.dovecot.pop3'
# Site-specific additions and overrides for 'usr.lib.dovecot.pop3-login'
# Site-specific additions and overrides for 'usr.lib.dovecot.ssl-params'
# Site-specific additions and overrides for 'usr.sbin.apache2'
# Site-specific additions and overrides for 'usr.sbin.avahi-daemon'
# Site-specific additions and overrides for 'usr.sbin.dnsmasq'
# Site-specific additions and overrides for 'usr.sbin.dovecot'
# Site-specific additions and overrides for 'usr.sbin.identd'
# Site-specific additions and overrides for 'usr.sbin.mdnsd'
# Site-specific additions and overrides for 'usr.sbin.nmbd'
# Site-specific additions and overrides for 'usr.sbin.nscd'
# Site-specific additions and overrides for 'usr.sbin.ntpd'
# Site-specific additions and overrides for 'usr.sbin.smbd'
# Site-specific additions and overrides for 'usr.sbin.smbldap-useradd'
# Site-specific additions and overrides for 'usr.sbin.traceroute'
# Site-specific additions and overrides for 'usr.sbin.winbindd'


I figure having an empty file named /etc/apparmor.d/local/usr.sbin.sshd is all it wants.

After creating the file aa-genprof no longer fails with error.

If someone knows if this file isn't supposed to be empty please let me know.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum