Questions tagged [apparmor]

AppArmor ("Application Armor") is a mandatory access control (MAC)-like security system for Linux. It is designed to work with standard Unix discretionary access control (DAC) permissions while being easy to use and deploy, by allowing an admin to confine only specific applications. As a Linux kernel security module, it allows the system administrator to restrict programs' capabilities with per-program profiles. Profiles can allow capabilities like network access, raw socket access, and the permission to read, write, or execute files on matching paths. AppArmor supplements the traditional Unix discretionary access control (DAC) model by providing mandatory access control (MAC).

54 questions
0 votes, 1 answer

How to install Apparmor profile on Ubuntu 14.04 for sendmail?

I am running sendmail on ubuntu 14.04 together with OpenEmm. The man page of OpenEmm claims that I have to add some lines to the Apparmor profile if it is active. Unfortunately there is no sendmail profile available, therefore I tried to install…
merlin
0 votes, 3 answers

BIND9 denying queries from IPs outside localnet (External IPs) on Ubuntu

BIND9 denying queries from IPs outside localnet (External IPs) on Ubuntu. options { listen-on port 53 { any; }; directory "/var/bind"; allow-query { any; }; allow-query-cache {…
ZZ9
0 votes, 2 answers

apparmor blocking mysql start

I'm running ubuntu 12.04 and moved the datadir for my mysql server (retaining same ownerships and permissions) from /var/lib/mysql to /u/apps/mysql in /etc/mysql/my.cnf, then I updated /etc/apparmor.d/usr.sbin.mysqld to include: /u/apps/mysql…
Craig
0 votes, 1 answer

Is there a way to restore iptables rules to the ones set after a fresh installation?

I have a server which is being kept behind a corporate firewall, so the corporate firewall takes care of all firewall issues. After making a fresh installation of the server, and setting the corresponding rules, the server allows traffic to the…
Luis M. Valenzuela
0 votes, 1 answer

gcc sandboxing tool - AppArmor / CHROOT jail on Ubuntu 12.04

We have a Node application as the front end to a C++ sandboxing tool, which compiles code using gcc and outputs the result to the browser. e.g. exec("gcc -o /tmp/test /tmp/test.cpp", function (error, stdout, stderr) { if(!stderr) { …
StuR
0 votes, 1 answer

Do I need to chroot BIND 9 if I'm using AppArmor?

Possible Duplicate: bind9 in a chroot jail - necessary or not? I'm redoing my external DNS servers and thinking about skipping chroot this time, and using AppArmor or SELinux as an alternative. Any thoughts? I'm using Team Cymru's BIND template…
0 votes, 1 answer

Why is virt-install failing with “Read-only file system” when specifying initrd on a locally mounted ISO?

I’m using virt-install to create an Ubuntu machine using the official Ubuntu server live ISO. This command has been working in the past, but stopped working at some point (maybe after upgrading the host OS from Ubuntu 18.04 to 20.04, but I’m not…
aaronk6
0 votes, 2 answers

What does this apparmor message mean?

Here goes the message logged in /var/log/kern.log. Apr 30 00:01:01 home kernel: [ 7796.631540] audit: type=1400 audit(1588201261.517:65): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/etc/lsp.exclude" pid=10064 comm="mysqld"…
Microtribute
-2 votes, 1 answer

Even with root user I'm receiving 'Operation not permitted' when trying to create a gluster volume between Ubuntu 14.04 LXC containers

Even with root user I'm receiving 'Operation not permitted' when trying to create a gluster volume between Ubuntu 14.04 LXC containers. I need to test the solution locally before installing it in production, and even locally I can't install it. xfce4-terminal -T…
Mark