Difference between revisions of "AppArmor"
Jump to navigation
Jump to search
Line 3: | Line 3: | ||
apparmor_status | apparmor_status | ||
− | /etc/apparmor.d/[[libvirt]] | + | [[/etc/apparmor.d/]][[libvirt]] |
May 01 17:34:39 g-cc audit[188993]: AVC apparmor="DENIED" operation="open" profile="snap.[[rocketchat-server]].rocketchat-mongo" name="/proc/188993/net/netstat" pid=188993 comm="ftdc" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 | May 01 17:34:39 g-cc audit[188993]: AVC apparmor="DENIED" operation="open" profile="snap.[[rocketchat-server]].rocketchat-mongo" name="/proc/188993/net/netstat" pid=188993 comm="ftdc" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 |
Revision as of 20:19, 23 September 2020
wikipedia:AppArmor ("Application Armor") is a Linux kernel security module that allows the system administrator to restrict programs' capabilities with per-program profiles.
apparmor_status
/etc/apparmor.d/libvirt
May 01 17:34:39 g-cc audit[188993]: AVC apparmor="DENIED" operation="open" profile="snap.rocketchat-server.rocketchat-mongo" name="/proc/188993/net/netstat" pid=188993 comm="ftdc" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
To disable AppArmor:
GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT apparmor=0" update-grub
cat /proc/cmdline
sudo systemctl disable apparmor reboot
Related terms
See also
- AppArmor,
/etc/apparmor.d/libvirt
,apparmor_status
- Mandatory access control: AppArmor, SELinux, seccomp, System Integrity Protection (macOS)
Advertising: