Translation(s): none
/Contribute /Contribute/FirstTimeProfileImport /Contribute/MergeProfileFromUpstream /Contribute/Upstream /Debug /HowToUse /OutReachyRound9 /Progress /Reportbug /UserStories |
Contents
Diagnose if a bug reported against my package might have been caused by AppArmor
Find out if AppArmor is enabled - this should return true if AppArmor is enabled
test -d /sys/module/apparmor
- Find out which profiles are enabled
sudo aa-status
- Request Logs
sudo tail -f /var/log/syslog | grep 'DENIED' or (if auditd is installed): sudo tail -f /var/log/auditd/auditd.log | grep 'DENIED'
- Ask to disable the profile and test again if it works
sudo aa-disable /etc/apparmor.d/$profile e.g. sudo aa-disable /etc/apparmor.d/usr.bin.pidgin
Debug a profile
For a more detailed introduction to debugging AppArmor profiles, read upstream's documentation on the subject.
TL;DR
Read syslog sudo tail -f /var/log/syslog | grep DENIED or sudo tail -f /var/log/auditd/audit.log | grep DENIED
sudo aa-disable /etc/apparmor.d/$profile where "$profile" is the name of the application's profile, e.g. sudo aa-disable /etc/apparmor.d/usr.bin.pidgin
- edit the profile, using a text editor
sudo aa-enforce /etc/apparmor.d/$profile where "$profile" is the name of the application's profile
or sudo aa-complain /etc/apparmor.d/$profile where "$profile" is the name of the application's profile
- restart application, reverify logs.
Report a bug
To report a bug, please read the dedicated documentation.