Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MVP of AppArmor profiles for Cryptomator on Ubuntu #31

Open
fititnt opened this issue Nov 7, 2020 · 1 comment
Open

MVP of AppArmor profiles for Cryptomator on Ubuntu #31

fititnt opened this issue Nov 7, 2020 · 1 comment
Labels
apparmor-profile "AppArmor is an effective and easy-to-use Linux application security system." https://apparmor.net/ beyond-tails

Comments

@fititnt
Copy link
Owner

fititnt commented Nov 7, 2020


An minimum viable product (MVP) of AppArmor profiles to use with Cryptomator

@fititnt
Copy link
Owner Author

fititnt commented Nov 7, 2020

Interesting. Very interesting. Actually do exist a tool that automate create AppArmor profiles.

Still not as smart as an human, but for a non-expert it definely seems to do better than start witht he apparmor-profiles/example/ubuntu/usr.bin.example-allow-all

The sudo aa-genprof /workspace/bin/cryptomator.AppImage command generated this profile

# Last Modified: Sat Nov  7 01:13:28 2020
#include <tunables/global>

/workspace/bin/cryptomator.AppImage flags=(complain) {
  #include <abstractions/base>
  #include <abstractions/nameservice>

  capability dac_read_search,
  capability sys_admin,

  /dev/fuse rw,
  /etc/fuse.conf r,
  /proc/*/mounts r,
  /tmp/.mount_cryptoMkNRmM/ r,
  /tmp/.mount_cryptoMkNRmM/bin/Cryptomator Ux,
  /tmp/.mount_cryptoo4xRVN/ r,
  /tmp/.mount_cryptoo4xRVN/bin/Cryptomator Px,
  /usr/bin/fusermount mrix,
  /workspace/bin/cryptomator.AppImage mr,

}

The /tmp definitely it did not get right.

fititnt added a commit that referenced this issue Nov 7, 2020
@fititnt fititnt added the apparmor-profile "AppArmor is an effective and easy-to-use Linux application security system." https://apparmor.net/ label Nov 7, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
apparmor-profile "AppArmor is an effective and easy-to-use Linux application security system." https://apparmor.net/ beyond-tails
Projects
None yet
Development

No branches or pull requests

1 participant