aa-status: add information on disabled profiles
Bug #1430513 reported by
Steve Beattie
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
AppArmor |
Triaged
|
Wishlist
|
Unassigned |
Bug Description
aa-status gives no information about profiles that have been disabled:
ubuntu@
total 0
lrwxrwxrwx 1 root root 31 Dec 13 08:06 usr.bin.firefox -> /etc/apparmor.
lrwxrwxrwx 1 root root 33 Dec 13 08:06 usr.sbin.rsyslogd -> /etc/apparmor.
ubuntu@
ubuntu@
It should probably do so, both alerting that profiles are disabled, and noting in particular if a process is running that would be covered by a currently disabled profile.
tags: | added: aa-tools |
To post a comment you must log in.
Yes, confusing.
aa-status tells me, among other things:
25 profiles are in complain mode. firefox/ firefox. sh
... /usr/lib/
That is the only reference it gives to Firefox. So it seems pretty clear that Firefox is not disabled.
Yet:
# ls /etc/apparmor. d/disable
usr.bin.firefox usr.sbin.rsyslogd
So it seems pretty clear that Firefox is disabled.