LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices


Reply
  Search this Thread
Old 12-20-2022, 12:16 PM   #1
OlRoy
Member
 
Registered: Dec 2002
Posts: 306

Rep: Reputation: 86
Could software automatically create AppArmor profiles by scanning source code?


Could software be made that automatically creates AppArmor profiles by scanning source code? If so, how effective would the profiles be?
 
Old 12-21-2022, 05:15 AM   #2
NevemTeve
Senior Member
 
Registered: Oct 2011
Location: Budapest
Distribution: Debian/GNU/Linux, AIX
Posts: 4,428
Blog Entries: 1

Rep: Reputation: 1679Reputation: 1679Reputation: 1679Reputation: 1679Reputation: 1679Reputation: 1679Reputation: 1679Reputation: 1679Reputation: 1679Reputation: 1679Reputation: 1679
I think that would be possible; its effectiveness not warranted to be hundred percent, it might be less.
 
Old 12-21-2022, 05:19 AM   #3
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 6,692
Blog Entries: 3

Rep: Reputation: 3459Reputation: 3459Reputation: 3459Reputation: 3459Reputation: 3459Reputation: 3459Reputation: 3459Reputation: 3459Reputation: 3459Reputation: 3459Reputation: 3459
I'd say it'd be less accurate and even if it weren't less accurate you don't want the software be allowed to do everything it theoretically could do. What would work would be looking at the specifications, if there are any, or figuring them out otherwise. Then take the intersection of that with what you want limit the program to. Right now AppArmor is primarily limited to controlling file system access. The networking access control is currently a feeble on or off choice and cannot decide on ports etc. For that you might have options using specific groups for specific programs and then using NFTables to control what that group can use on the network.
 
1 members found this post helpful.
  


Reply

Tags
apparmor


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Any scanning program closes when scanning starts SimPos Linux - Software 4 02-17-2022 07:25 AM
Does apparmor make all the profiles you need? archuserman Linux - Security 6 07-25-2020 11:36 AM
[SOLVED] Error message "Failed to start Load AppArmor profiles" at boot time no-windose Linux - General 7 05-12-2020 04:50 PM
LXer: Why Source Code Scanning Tools are Essential to Open Source Compliance LXer Syndicated Linux News 0 02-25-2020 07:32 PM
Active Scanning or Passive Scanning Paris Heng Linux - Networking 2 02-15-2008 10:37 AM

LinuxQuestions.org > Forums > Non-*NIX Forums > Programming

All times are GMT -5. The time now is 11:22 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration