mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 16:35:02 +01:00
1db463f4de
* the application, library, documentation and installation script
* the initial templates and policy groups. This will undoubtedly need
refinement as we get feedback from users. Initial policy is based on Ubuntu's
Application Review Board (ARB) requirements[2].
* tests for the library
* Makefile integration
Templates are stored in /usr/share/apparmor/easyprof/templates and policy
groups in /usr/share/apparmor/easyprof/policygroups. This can be adjusted via
/etc/apparmor/easyprof.conf.
The aa-easyprof.pod has complete documentation on usage with some
additional information in utils/easyprof/README (mostly duplicated
here).
Testing can be performed in a number of ways:
$ cd utils ; make check # runs unit tests and pyflakes
Unit tests manually:
$ ./test/test-aa-easyprof.py
In source manual testing:
$ ./aa-easyprof --templates-dir=./easyprof/templates \
--policy-groups-dir=./easyprof/policygroups \
... \
/opt/foo/bin/foo
Post-install manual testing:
$ make DESTDIR=/tmp/test PERLDIR=/tmp/test/usr/share/perl5/Immunix install
$ cd /tmp/test
$ PYTHONPATH=/tmp/test/usr/local/.../dist-packages ./usr/bin/aa-easyprof \
--templates-dir=/tmp/test/usr/share/apparmor/easyprof/templates \
--policy-groups-dir=/tmp/test/usr/share/apparmor/easyprof/policygroups \
/opt/bin/foo
(you may also adjust /tmp/test/etc/apparmor/easyprof.conf to avoid
specifying --templates-dir and --policy-groups-dir).
Committing this now based on conversation with John and Steve.
Acked-By: Jamie Strandboge <jamie@canonical.com>
44 lines
1.5 KiB
Text
44 lines
1.5 KiB
Text
AppArmor Easy Profiler
|
|
----------------------
|
|
aa-easyprof is a standalone CLI application which can also be imported into
|
|
developer SDKs. See test/test-aa-easyprof.py for an example of how to import
|
|
this into your SDK.
|
|
|
|
|
|
Templates
|
|
---------
|
|
Any number of templates can be used. The user may specify one on the command
|
|
line or use a system-wide template from /usr/share/apparmor/easyprof/templates.
|
|
|
|
Currently the combination of the user-application and the opt-application and
|
|
user-application policygroups should achieve a working policy for Ubuntu's
|
|
Application Review Board:
|
|
- http://developer.ubuntu.com/publish/my-apps-packages/
|
|
|
|
Eg:
|
|
$ aa-easyprof --template=user-application \
|
|
--template-var="@{APPNAME}=foo" \
|
|
--policy-groups=opt-application,user-application \
|
|
/opt/foo/bin/foo
|
|
|
|
Testing
|
|
-------
|
|
Unit tests:
|
|
$ ./test/test-aa-easyprof.py
|
|
|
|
In source manual testing:
|
|
$ ./aa-easyprof --templates-dir=./easyprof/templates \
|
|
--policy-groups-dir=./easyprof/policygroups \
|
|
... \
|
|
/opt/foo/bin/foo
|
|
|
|
Post-install manual testing:
|
|
$ make DESTDIR=/tmp/test PERLDIR=/tmp/test/usr/share/perl5/Immunix install
|
|
$ cd /tmp/test
|
|
$ PYTHONPATH=/tmp/test/usr/local/.../dist-packages ./usr/bin/aa-easyprof \
|
|
--templates-dir=/tmp/test/usr/share/apparmor/easyprof/templates \
|
|
--policy-groups-dir=/tmp/test/usr/share/apparmor/easyprof/policygroups \
|
|
/opt/bin/foo
|
|
|
|
(you may also adjust /tmp/test/etc/apparmor/easyprof.conf to avoid specifying
|
|
--templates-dir and --policy-groups-dir).
|