systeme:apparmor
Différences
Ci-dessous, les différences entre deux révisions de la page.
Les deux révisions précédentesRévision précédenteProchaine révision | Révision précédente | ||
systeme:apparmor [2015/08/15 10:11] – root | systeme:apparmor [2016/10/08 16:34] (Version actuelle) – [Liens] root | ||
---|---|---|---|
Ligne 3: | Ligne 3: | ||
* [[http:// | * [[http:// | ||
* [[https:// | * [[https:// | ||
+ | * [[https:// | ||
===== Description ===== | ===== Description ===== | ||
AppArmor permet à l' | AppArmor permet à l' | ||
Ligne 14: | Ligne 14: | ||
* **a** : Append mode (mutually exclusive to w) | * **a** : Append mode (mutually exclusive to w) | ||
* **k** : File locking mode | * **k** : File locking mode | ||
- | | + | * **x** : Execute |
- | * Ux** : Execute unconfined (scrub the environment) | + | * **ux** : Execute unconfined (preserve environment) -- WARNING: should only be used in very special cases |
- | * px** : Execute under a specific profile (preserve the environment) -- WARNING: should only be used in special cases | + | |
+ | | ||
* **Px** : Execute under a specific profile (scrub the environment) | * **Px** : Execute under a specific profile (scrub the environment) | ||
* **pix** : as px but fallback to inheriting the current profile if the target profile is not found | * **pix** : as px but fallback to inheriting the current profile if the target profile is not found | ||
Ligne 35: | Ligne 36: | ||
* **deny** : explicitly deny, without logging | * **deny** : explicitly deny, without logging | ||
* **audit deny** : combination to explicitly deny, but log | * **audit deny** : combination to explicitly deny, but log | ||
- | * **quiet** : Enlève le flag audit | + | * **quiet** : clears |
< | < | ||
Ligne 175: | Ligne 176: | ||
===== apparmor_parser ===== | ===== apparmor_parser ===== | ||
+ | * Voir ce qu'il y a de charger dans le profil apache2 : | ||
+ | < | ||
+ | $ apparmor_parser -Q --debug / | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | $ apparmor_parser -p / | ||
+ | </ | ||
+ | |||
* Recharger le profile ping : | * Recharger le profile ping : | ||
< | < | ||
$ apparmor_parser -r / | $ apparmor_parser -r / | ||
</ | </ |
systeme/apparmor.1439633504.txt.gz · Dernière modification : 2015/08/15 10:11 de root