Minimal testcase:
Save this profile as /etc/apparmor.d/home.cb.linuxtag.apparmor.scripts.hello

/home/cb/linuxtag/apparmor/scripts/hello {
  /home/cb/linuxtag/apparmor/scripts/hello r,
  /home/sys-tmp/hello.txt w,
}
Then create a file audit-1014304.log and add the following 3 lines to it:
type=AVC msg=audit(1408292461.263:527): apparmor="ALLOWED" operation="exec" profile="/home/cb/linuxtag/apparmor/scripts/hello" name="/usr/bin/cat" pid=16989 comm="hello" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="/home/cb/linuxtag/apparmor/scripts/hello//null-3"
type=AVC msg=audit(1408292461.264:533): apparmor="ALLOWED" operation="file_mprotect" profile="/home/cb/linuxtag/apparmor/scripts/hello//null-3" name="/usr/bin/cat" pid=16989 comm="cat" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
type=AVC msg=audit(1408292461.265:564): apparmor="ALLOWED" operation="open" profile="/home/cb/linuxtag/apparmor/scripts/hello//null-3" name="/home/sys-tmp/hello.txt" pid=16989 comm="cat" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Run "aa-logprof -f audit-1014304.log", select "(C)hild" for cat and "(A)llow" for hello.txt, then save the modified profile.
Run "aa-logprof -f audit-1014304.log" again - it will propose read access for /usr/bin/cat and hello.txt in the main profile, which does _not_ need those permissions (both events were logged under the "//null-3" child profile, so they belong to the cat child, not to the parent).
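To make the expected attribution concrete, here is an added example (not part of this bug report and not code from the AppArmor utilities) that parses the three audit lines above and assigns each event to the profile that actually needs the rule: an exec event records which "//null-N" profile the child was placed in, and every later event under that null profile is attributed to a child profile for the executed binary instead of the parent. The child profile name "parent//binary" and the "Cx" mask on the parent's exec rule are illustrative choices made here; the sample log text is the testcase's three lines, embedded so the script runs offline.

```python
import re
from collections import defaultdict

# Constructed sample input: the three audit lines from the testcase above.
SAMPLE_LOG = """\
type=AVC msg=audit(1408292461.263:527): apparmor="ALLOWED" operation="exec" profile="/home/cb/linuxtag/apparmor/scripts/hello" name="/usr/bin/cat" pid=16989 comm="hello" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="/home/cb/linuxtag/apparmor/scripts/hello//null-3"
type=AVC msg=audit(1408292461.264:533): apparmor="ALLOWED" operation="file_mprotect" profile="/home/cb/linuxtag/apparmor/scripts/hello//null-3" name="/usr/bin/cat" pid=16989 comm="cat" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
type=AVC msg=audit(1408292461.265:564): apparmor="ALLOWED" operation="open" profile="/home/cb/linuxtag/apparmor/scripts/hello//null-3" name="/home/sys-tmp/hello.txt" pid=16989 comm="cat" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
"""

# key=value pairs; values are either double-quoted or a bare non-space token.
KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_line(line):
    """Turn one audit line into a dict of fields (quotes stripped)."""
    fields = {}
    for key, raw, quoted in KV_RE.findall(line):
        fields[key] = quoted if raw.startswith('"') else raw
    return fields


def attribute_events(log_text):
    """Map each logged event to the profile that should get the rule.

    Returns {profile_name: {(path, mask), ...}}.  Events logged under a
    "parent//null-N" profile are credited to a child profile of the binary
    that the matching exec event launched (named "parent//binary" here, an
    illustrative convention), never to the parent itself.
    """
    child_of = {}              # "parent//null-N" -> (parent, executed binary)
    rules = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        profile, name, mask = ev["profile"], ev["name"], ev["denied_mask"]
        if ev["operation"] == "exec":
            # The parent needs the exec rule; the (C)hild answer turns the
            # logged "x" into a child transition, written as Cx here.
            child_of[ev["target"]] = (profile, name)
            rules[profile].add((name, "Cx"))
            continue
        if profile in child_of:
            parent, binary = child_of[profile]
            profile = f"{parent}//{binary}"
        rules[profile].add((name, mask))
    return dict(rules)


def render(rules):
    """Render the attribution as an AppArmor-style nested profile text."""
    out = []
    parents = [p for p in rules if "//" not in p]
    for parent in sorted(parents):
        out.append(f"{parent} {{")
        for path, mask in sorted(rules[parent]):
            out.append(f"  {path} {mask},")
        for child in sorted(c for c in rules if c.startswith(parent + "//")):
            binary = child[len(parent) + 2:]
            out.append(f"  profile {binary} {{")
            for path, mask in sorted(rules[child]):
                out.append(f"    {path} {mask},")
            out.append("  }")
        out.append("}")
    return "\n".join(out)


if __name__ == "__main__":
    print(render(attribute_events(SAMPLE_LOG)))
```

Running it prints the parent with only the exec rule and a nested cat profile holding the two read rules, which is the split the second aa-logprof run in the testcase fails to preserve.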