diff options
-rw-r--r-- | development/apparmor-debugging.mdwn | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/development/apparmor-debugging.mdwn b/development/apparmor-debugging.mdwn index 8a0244f..8cf1a50 100644 --- a/development/apparmor-debugging.mdwn +++ b/development/apparmor-debugging.mdwn @@ -14,11 +14,27 @@ This does not track [denials][1]. So do a and check for denails, turn them into "audit deny" for debugging. +## Check environment scrubbing + + echo 1 > /sys/module/apparmor/parameters/debugging + +## Turn off deny audit quieting + + echo -n noquiet >/sys/module/apparmor/parameters/audit + ## Other things to watch out for * Process environments are usually cleared. So if a confined process spawns a subprocess that relies on environments vars this might trigger problems +## Other knobs to try + + echo 1 > /sys/module/apparmor/parameters/debug + echo -n noquiet >/sys/module/apparmor/parameters/audit + +See [826218][] for details. [1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=826218 [2]: http://wiki.apparmor.net/index.php/QuickProfileLanguage + +[826218]: http://bugs.debian.org/826218 |