Create AppArmor Rules with Audit Logs
About This Task
Each application on your eLxr 12 system has different system requirements, and it is not always possible to know in advance exactly which system resources an application uses. To better understand what an application's profile must allow, you can use the AppArmor aa-genprof tool to interactively review the target application's system usage and create a profile from the auditd system logs.
Before You Begin
You must have an eLxr Server 12 development host set up with sudo privileges. For details, see eLxr QuickStart: Quick Start Overview.
You must have an application for which you want to create an AppArmor profile.
Procedure
Verify that the auditd service is running.
# sudo systemctl status auditd
If the service is not running, run the following commands to enable and start it.
# sudo systemctl enable auditd
# sudo systemctl start auditd
Use the aa-genprof tool to create a new profile for the target application. The tool automatically collects and analyzes the application's system usage in an interactive session.
# sudo aa-genprof /path/to/<my-app>
Follow the prompts in aa-genprof. For example, you will be asked to run the target application in another terminal so that aa-genprof can observe how the application behaves and what it uses. Once this part is done, aa-genprof uses the audit logs to build the profile.
Note
You must complete all target application actions required by aa-genprof.
Check the profile that aa-genprof generated in the previous step and make any necessary changes to it. For an example of an application profile, see Create an AppArmor Application Profile.
$ cat /etc/apparmor.d/<my-app>
Set the target application’s AppArmor status to enforce or complain. For details, see Set AppArmor Enforcing Mode.
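Added example (not part of the eLxr documentation, and not aa-genprof's own logic): when you review the generated profile, it helps to see the AppArmor audit records it was built from. The script below summarizes those records for one profile; the sample records, the profile name /usr/local/bin/my-app and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample records in the AppArmor audit format (not from a real host).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1700000000.101:201): apparmor="ALLOWED" operation="open" profile="/usr/local/bin/my-app" name="/etc/my-app.conf" pid=4242 comm="my-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
type=AVC msg=audit(1700000000.105:202): apparmor="ALLOWED" operation="open" profile="/usr/local/bin/my-app" name="/etc/my-app.conf" pid=4242 comm="my-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
type=AVC msg=audit(1700000000.150:203): apparmor="ALLOWED" operation="mknod" profile="/usr/local/bin/my-app" name="/var/log/my-app.log" pid=4242 comm="my-app" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
type=AVC msg=audit(1700000000.200:204): apparmor="DENIED" operation="open" profile="/usr/sbin/other-daemon" name="/etc/shadow" pid=777 comm="other-daemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=SYSCALL msg=audit(1700000000.200:204): arch=c000003e syscall=257 success=no exit=-13 pid=777 comm="other-daemon"
EOF
}

# Read audit records on stdin and print, for one profile, how often each
# (verdict, operation, path, denied_mask) combination was logged.
# $1 is the profile name exactly as it appears in the log.
aa_audit_summary() {
    awk -v want="$1" '
    # Value of key=... in the current record, quotes stripped; "-" if absent.
    # Hex-encoded (unquoted) values are returned as logged.
    function field(key,    re, s) {
        re = "(^| )" key "=(\"[^\"]*\"|[^ ]+)"
        if (!match($0, re)) return "-"
        s = substr($0, RSTART, RLENGTH)
        sub(/^[^=]*=/, "", s)
        gsub(/^"|"$/, "", s)
        return s
    }
    # Only AppArmor verdict records for the requested profile are counted.
    /apparmor="(ALLOWED|DENIED)"/ && field("profile") == want {
        seen[field("apparmor") " " field("operation") " " field("name") " " field("denied_mask")]++
    }
    END { for (k in seen) printf "%d %s\n", seen[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Demo on the constructed sample; on a real host, pipe the auditd log in instead.
sample_audit_log | aa_audit_summary /usr/local/bin/my-app
```

Compare each summarized path and mask against the rules in /etc/apparmor.d/<my-app>; a rule that allows more than the records show is a candidate for tightening.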
Results
Now that you understand how to create a profile from audit logs, you can enable just about any application for use on an eLxr 12 system with AppArmor. For additional information on using AppArmor, see AppArmor Quick Profile Language and How to Use AppArmor.