This shows you the differences between two versions of the page.
— | fuss:apparmor [2022/04/19 08:28] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Sending Messages to File ====== | ||
+ | |||
+ | Add an '' | ||
+ | < | ||
+ | # Log kernel generated apparmor log messages to file | ||
+ | : | ||
+ | |||
+ | # Uncomment the following to stop logging anything that matches the last rule. | ||
+ | # Doing this will stop logging kernel generated apparmor log messages to the file | ||
+ | # normally containing kern.* messages (eg, / | ||
+ | & ~ | ||
+ | </ | ||
+ | |||
+ | and then restart '' | ||
+ | |||
+ | Next, create a file at ''/ | ||
+ | < | ||
+ | / | ||
+ | rotate 4 | ||
+ | weekly | ||
+ | compress | ||
+ | missingok | ||
+ | } | ||
+ | |||
+ | </ | ||
+ | |||
+ | in order to make sure that ''/ | ||
+ | |||
+ | ====== Setting Application to Warn Only ====== | ||
+ | |||
+ | When running apparmor on a Linux distribution with packages that do not properly provide a profile for apparmor, some binaries will fail to launch or would otherwise generate errors. This can be observed in the kernel logs. For instance, the following message is displayed when the i2p daemon is started: | ||
+ | < | ||
+ | [ 2740.263615] audit: type=1400 audit(1637724187.039: | ||
+ | </ | ||
+ | and vaguely means that an operation '' | ||
+ | |||
+ | Fixing the apparmor profile itself is not a good solution in case there are package updates such that a temporary fix is to set the application to warn only yet still continue to run. This can be done, on Debian, for instance, by installing the '' | ||
+ | <code bash> | ||
+ | apt-get install apparmor-utils | ||
+ | </ | ||
+ | |||
+ | and then setting the offending application to warn only: | ||
+ | <code bash> | ||
+ | aa-complain system_i2p | ||
+ | </ | ||
+ | where: | ||
+ | * '' | ||
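Review bot: The "Setting Application to Warn Only" section, at the `aa-complain system_i2p` step, never says that complain mode turns off enforcement for that profile: violations are logged but no longer blocked, so the daemon runs without the confinement the profile was meant to provide. Since the text itself calls this a temporary fix, add a sentence saying so and document the way back, `aa-enforce` from the same `apparmor-utils` package, to be run once the packaged profile is corrected. Separately, the logrotate stanza in the first section (`rotate 4`, `weekly`, `compress`, `missingok`) has no `postrotate` step that makes the syslog daemon reopen the log file; consider adding one so that AppArmor messages keep landing in the new file after rotation.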
+ | |||
+ | |||