SledgehammerPL

Asked: 2019-07-27 04:24:42 +0800 CST2019-07-27 04:24:42 +0800 CST 2019-07-27 04:24:42 +0800 CST

lxc with apparmor - where should be defined profiles

I created /root/example.sh from here at the host, and with aa-genprof denied it.

# ./example.sh
This is an apparmor example.
./example.sh: line 5: /usr/bin/touch: Permission denied
File created
./example.sh: line 8: /bin/rm: Permission denied
File deleted

great - it works!

But if i copy it into containers (at the same /root folder) it works normal (without any restrictions).

First think is to install apparmor at container, but wait!!! some of processes inside containers logs into host syslog (postdrop is denied to access dynamicmaps.cd.d - and this postdrop is running in container!).

So somehow I have to add example.sh into host apparmor.d, and it should also affect all containers... But how?

lxc with apparmor - where should be defined profiles

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

lxc with apparmor - where should be defined profiles

0 Answers