我正在尝试使用 aa-genprof 为一个简单的 shell 脚本创建一个 apparmor 配置文件。但是当我选择 S [扫描选项] 时,它没有提示问题。如上所述,在它提示在单独的窗口中运行程序后,我在另一个窗口中运行了 shell 脚本。
如您所见,它再次提示运行脚本。操作系统是 Ubuntu 18
root@k02:~# aa-genprof /root/exm.sh
Writing updated profile for /root/exm.sh.
Setting /root/exm.sh to complain mode.
Before you begin, you may wish to check if a
profile already exists for the application you
wish to confine. See the following wiki page for
more information:
http://wiki.apparmor.net/index.php/Profiles
Profiling: /root/exm.sh
Please start the application to be profiled in
another window and exercise its functionality now.
Once completed, select the "Scan" option below in
order to scan the system logs for AppArmor events.
For each AppArmor event, you will be given the
opportunity to choose whether the access should be
allowed or denied.
[(S)can system log for AppArmor events] / (F)inish
Reading log entries from /var/log/syslog.
Updating AppArmor profiles in /etc/apparmor.d.
Profiling: /root/exm.sh
Please start the application to be profiled in
another window and exercise its functionality now.
Once completed, select the "Scan" option below in
order to scan the system logs for AppArmor events.
For each AppArmor event, you will be given the
opportunity to choose whether the access should be
allowed or denied.
[(S)can system log for AppArmor events] / (F)inish
Setting /root/exm.sh to enforce mode.
答案1
#!/bin/bash您的脚本顶部有吗?刚刚遇到了同样的问题,我添加行后,AppArmor 便按预期工作了。