Ubuntu – How does AppArmor deal with non-profiled Programs

apparmorSecurity

I setup and configured AppArmor in Ubuntu and I would like to know how AppArmor deals with Packages and Applications which have no AppArmor Profile?

After installing the package with sudo apt-get install apparmor-profiles, I have 175 profiles reported as loaded from aa-status

I cannot imagine I have only 175 programs installed on my box, and I would like to know what AppArmor does to prevent security breaches in programs that have no profile.

Best Answer

Accrding to the http://wiki.apparmor.net FAQ any program that has no profile is basically unprotected / unconstrained and can do any mischief in Ubuntu, almost in the same way as there would not have been any AppArmor in the first place

Related Solutions

AppArmor Security – Is Troubleshooting AppArmor with ‘Teardown’ Unsafe?

Here's what I was thinking of (from https://wiki.ubuntu.com/DebuggingApparmor ) -- "complain mode" . This doesn't address the issue of relative merits or consequences of this versus other debugging methods.

When debugging, it may also be useful to put apparmor into 'complain' mode. This will allow your application to function normally while apparmor reports accesses that are not in the profile. To enable 'complain' mode, use:
sudo aa-complain /path/to/bin
where '/path/to/bin' is the absolute path to the binary, as reported in the 'profile=...' portion of the 'audit' entry. Eg:
sudo aa-complain /usr/sbin/slapd
To re-enable enforcing mode, use 'aa-enforce' instead:
sudo aa-enforce /path/to/bin
To disable a profile:
sudo touch /etc/apparmor.d/disable/path.to.bin
sudo apparmor_parser -R /etc/apparmor.d/path.to.bin

When troubleshooting then, if there is something broken that appears to be related to a spooky permissions problem ('Hmm, looks like access control, but it's not a Unix permissions problem, or an NFS issue, or PAM issue, or a media mounting goof, etc. -- perhaps it's AppArmor.'), Kees Cook points out that best course of action is too check your system logs. Notably, per Kees Cook, "the output of dmesg will report all AppArmor denials, and will include the profile."

Ubuntu – AppArmor systemd startup error

You probably copied /etc/apparmod.d to ~backup, otherwise the rsync step would not work (or would not make any sense).

Best Answer

Related Solutions

AppArmor Security – Is Troubleshooting AppArmor with ‘Teardown’ Unsafe?

Ubuntu – AppArmor systemd startup error

Related Question