Apparmor 的aa-status
命令报告 apparmor 的状态,但是双斜杠和三斜杠在报告的配置文件列表中意味着什么或做什么?
例如, for//
中的双斜杠 ( )是什么/usr/bin/evince-previewer//sanitized_helper
?
以下是典型的 aa-status 输出:
# aa-status
apparmor module is loaded.
67 profiles are loaded.
50 profiles are in enforce mode.
/snap/core/13886/usr/lib/snapd/snap-confine
/snap/core/13886/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
/usr/bin/evince
/usr/bin/evince-previewer
/usr/bin/evince-previewer//sanitized_helper
/usr/bin/evince-thumbnailer
/usr/bin/evince//sanitized_helper
/usr/bin/freshclam
/usr/bin/man
/usr/bin/pidgin
/usr/bin/pidgin//sanitized_helper
/usr/bin/totem
/usr/bin/totem-audio-preview
/usr/bin/totem-video-thumbnailer
/usr/bin/totem//sanitized_helper
/usr/lib/cups/backend/cups-pdf
/usr/lib/snapd/snap-confine
/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
/usr/lib/telepathy/mission-control-5
/usr/lib/telepathy/telepathy-*
/usr/lib/telepathy/telepathy-*//pxgsettings
/usr/lib/telepathy/telepathy-*//sanitized_helper
/usr/lib/telepathy/telepathy-ofono
/usr/lib/x86_64-linux-gnu/lightdm/lightdm-guest-session
/usr/lib/x86_64-linux-gnu/lightdm/lightdm-guest-session//chromium
/usr/sbin/cups-browsed
/usr/sbin/cupsd
/usr/sbin/cupsd//third_party
/usr/sbin/mysqld-akonadi
/usr/sbin/mysqld-akonadi///usr/sbin/mysqld
/usr/sbin/ntpd
apt-cacher-ng
lsb_release
man_filter
man_groff
nvidia_modprobe
nvidia_modprobe//kmod
snap-update-ns.core
snap-update-ns.snap-store
snap.core.hook.configure
snap.snap-store.hook.configure
snap.snap-store.snap-store
snap.snap-store.ubuntu-software
snap.snap-store.ubuntu-software-local-file
tcpdump
thunderbird
thunderbird//browser_java
thunderbird//browser_openjdk
thunderbird//gpg
thunderbird//sanitized_helper
17 profiles are in complain mode.
/usr/bin/irssi
/usr/sbin/dnsmasq
/usr/sbin/dnsmasq//libvirt_leaseshelper
avahi-daemon
identd
klogd
mdnsd
nmbd
nscd
ping
smbd
smbldap-useradd
smbldap-useradd///etc/init.d/nscd
syslog-ng
syslogd
thunderbird///opt/firefox/firefox-bin
traceroute
16 processes have profiles defined.
7 processes are in enforce mode.
/usr/bin/evince (12497)
/usr/bin/freshclam (1328)
/usr/sbin/cups-browsed (128117)
/usr/sbin/cupsd (128098)
/usr/sbin/ntpd (1369)
/usr/lib/thunderbird/thunderbird-bin (211830) thunderbird
/usr/lib/thunderbird/thunderbird-bin (211927) thunderbird
9 processes are in complain mode.
/usr/sbin/dnsmasq (828)
/usr/sbin/avahi-daemon (703) avahi-daemon
/usr/sbin/avahi-daemon (740) avahi-daemon
/usr/sbin/nmbd (1332) nmbd
/usr/sbin/nscd (716) nscd
/usr/sbin/smbd (1531) smbd
/usr/sbin/smbd (1705) smbd
/usr/sbin/smbd (1706) smbd
/usr/sbin/smbd (1708) smbd
0 processes are unconfined but have a profile defined.