diff options
author | Guido Günther <agx@sigxcpu.org> | 2016-06-07 07:52:05 +0200 |
---|---|---|
committer | Guido Günther <agx@sigxcpu.org> | 2016-06-07 07:52:05 +0200 |
commit | e7a152a26303d07aa533751bbad396be04545aed (patch) | |
tree | a39675a650c6c5d3fd291cde1c6e2db1ec2622d3 | |
parent | 756424f87f253437053ea26b5410e09c06f55e30 (diff) |
Add more apparmor knobs
-rw-r--r-- | development/apparmor-debugging.mdwn | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/development/apparmor-debugging.mdwn b/development/apparmor-debugging.mdwn index 8a0244f..8cf1a50 100644 --- a/development/apparmor-debugging.mdwn +++ b/development/apparmor-debugging.mdwn @@ -14,11 +14,27 @@ This does not track [denials][1]. So do a and check for denails, turn them into "audit deny" for debugging. +## Check environment scrubbing + + echo 1 > /sys/module/apparmor/parameters/debugging + +## Turn off deny audit quieting + + echo -n noquiet >/sys/module/apparmor/parameters/audit + ## Other things to watch out for * Process environments are usually cleared. So if a confined process spawns a subprocess that relies on environments vars this might trigger problems +## Other knobs to try + + echo 1 > /sys/module/apparmor/parameters/debug + echo -n noquiet >/sys/module/apparmor/parameters/audit + +See [826218][] for details. [1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=826218 [2]: http://wiki.apparmor.net/index.php/QuickProfileLanguage + +[826218]: http://bugs.debian.org/826218 |