Hi all. Installed apparmor and works as expected. But what i would wanna know as detailed as possible is how to generate a profile since programs are changing therefor apparmor profiles may need updates or rethinking.
Installed audit-runit, enabled from grub 'audit=1' but when tried aa-genprof /usr/bin/mpv it asks for a syslog file. Created that file but aa-genprof does not log anything in that sylog file so i can't create any rules for mpv as example.
Is apparmor so systemd dependent to the point we can't use aa-genprof or what's the trick?. Looked in extra-profiles but there's no mpv profile and all what i found looks obsolete.
I took a look at apparmor source code, and found this:
./profiles/apparmor.d/abstractions/base: @{run}/systemd/journal/dev-log w,
My guess is that apparmor calls systemd specific commands for syslog.
Tnx so it might mean generating a profile can be much more challenging than on soystemd distros