From eda578f6024ef90e7afb423f3c0d23c250ed5b73 Mon Sep 17 00:00:00 2001 From: John Johansen Date: Wed, 15 Nov 2023 16:40:46 +0000 Subject: [PATCH] Update Complain Mode --- Complain-Mode.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Complain-Mode.md b/Complain-Mode.md index a2328d1..aaeb3cb 100644 --- a/Complain-Mode.md +++ b/Complain-Mode.md @@ -9,6 +9,10 @@ ALLOWED When an application executes another application profile rules are used to determine the confinement of the subsequent application. However applications in complain mode often do not have a fully developed profile and the confinement of the child application may not be defined. Instead of folding the child applications behavior logging in to the current applications profile, apparmor can create special profiles that are used to track and learn application behavior of child processes. Specifically these special "null-" profiles are created when a confined application in complain mode tries to exec another application and the profile has no matching rule that defines the expected behavior, or has a rule that explicitly says a special null-XXXX profile should be created. +don't know in kernel if want to fold behavior of child into current +into existing profile +into new child profile + The creation of the null-XXXX profile allows the child applications logging stream to treat Eg.
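Review bot: The three added lines after the "null-" profile paragraph ("don't know in kernel if want to fold behavior of child into current", "into existing profile", "into new child profile") are sentence fragments that read as working notes rather than documentation. They appear to list where a child's behavior could be recorded (the current profile, an existing profile, or a new child profile). Consider rewriting them as a full sentence followed by a markdown list. The sentence should say that the kernel cannot know which of these is wanted, and connect that to why the null-XXXX profile is created. If the fragments are added as consecutive lines without list markers, as the hunk suggests, markdown will render them as a single run-on paragraph. The context line that follows ("The creation of the null-XXXX profile allows the child applications logging stream to treat Eg.") is itself unfinished, so the new text does not lead into a complete explanation. It would be worth finishing that sentence in the same change.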