Is there a way to specify a default profile on any executable that doesn't have a profile already defined?
The idea is to avoid any unconstrained processes.
apparmorSecurity
Is there a way to specify a default profile on any executable that doesn't have a profile already defined?
The idea is to avoid any unconstrained processes.
Best Answer
According to the mailing list, there could be a way to generate such a default profile in this way:
sources: Generate a default/fallback profile? No blacklisting and the responses that follow.
Note that "Currently setting a default profile that applies to the whole system from boot is a bit of a pain but we do have plans to improve that. Unfortunately there is enough other work happen that I don't see it happen soon." from John Johansen's response here.
Anyone interested is requested to read the thread in its entirety.