AppArmor: Fix all complaints, set to enforce
Opened 3 years ago
Last modified 2 years ago
#2319newdefect
AppArmor: Fix all complaints, set to enforce
Reported by:zzzOwned by:zzz Priority: minor Milestone: undecided Component: package/debian Version: 0.9.36 Keywords:
Cc: Masayuki Hatta Parent Tickets:
Sensitive: no
Description
As brought up by 'cx5' in IRC:
Our apparmor profiles (in debian/apparmor, system_i2p and usr.bin.i2prouter) are in "complain" mode, not "enforce" mode. Quick check of dmesg shows dozens of complaints (which are labeled "ALLOWED") and possibly hundreds more suppressed? Nobody is testing or maintaining the profiles. If we did switch to enforce, we'd need more testing of packages before the release.
previous apparmor tix: #1092 #1581 #1986 #2306
hints from cx5:
sudo apt install apparmor-utils
sudo aa-enforce usr.bin.router
sudo aa-complain usr.bin.router
He sees errors from i2prouter in cat of ~/.i2p/i2p.java.status and ~/.i2p/i2p.status and ~/.i2p/i2p.pid, reasons unknown.