Difference between revisions of "AppArmor"

From wikieduonline
Jump to navigation Jump to search
Line 3: Line 3:
 
  apparmor_status
 
  apparmor_status
  
  /etc/apparmor.d/[[libvirt]]
+
  [[/etc/apparmor.d/]][[libvirt]]
  
 
  May 01 17:34:39 g-cc audit[188993]: AVC apparmor="DENIED" operation="open" profile="snap.[[rocketchat-server]].rocketchat-mongo" name="/proc/188993/net/netstat" pid=188993 comm="ftdc" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
 
  May 01 17:34:39 g-cc audit[188993]: AVC apparmor="DENIED" operation="open" profile="snap.[[rocketchat-server]].rocketchat-mongo" name="/proc/188993/net/netstat" pid=188993 comm="ftdc" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

Revision as of 20:19, 23 September 2020

wikipedia:AppArmor ("Application Armor") is a Linux kernel security module that allows the system administrator to restrict programs' capabilities with per-program profiles.

apparmor_status
/etc/apparmor.d/libvirt
May 01 17:34:39 g-cc audit[188993]: AVC apparmor="DENIED" operation="open" profile="snap.rocketchat-server.rocketchat-mongo" name="/proc/188993/net/netstat" pid=188993 comm="ftdc" requested_mask="r" denied_mask="r" fsuid=0 ouid=0


To disable AppArmor:

 GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT apparmor=0"
 update-grub


 cat /proc/cmdline
 sudo systemctl disable apparmor
 reboot


Related terms


See also

Advertising: