Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Extend the AppArmor CRD with a profile flag which should allow to switch the profile mode #2559

Closed
ccojocar opened this issue Nov 14, 2024 · 1 comment · Fixed by #2598
Closed
Labels
kind/feature Categorizes issue or PR as related to a new feature.

Comments

@ccojocar
Copy link
Contributor

What would you like to be added:

The AppArmor CRD should include a flag which defines the mode of the apparmor profile. This will allow to easily switch a profile from complain to audit or enforcement mode.

The list of supported profile flags is:

PROFILE FLAGS = 'complain' | 'audit' | 'enforce' | 'mediate_deleted' |
           'attach_disconnected' | 'chroot_relative'

source: https://manpages.ubuntu.com/manpages/bionic/en/man5/apparmor.d.5.html

Also some details are available in https://documentation.suse.com/sles/15-SP6/html/SLES-all/cha-apparmor-profiles.html#sec-apparmor-profiles-flags.

Why is this needed:

This is required in order to easily switch a profile from audit to enforcement or complain mode.

User story covered

@ccojocar ccojocar added the kind/feature Categorizes issue or PR as related to a new feature. label Nov 14, 2024
@ccojocar
Copy link
Contributor Author

cc @mhils

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/feature Categorizes issue or PR as related to a new feature.
Projects
None yet
1 participant