I have done that.
Code: Select all
z@debian:~$ sudo aa-status
[sudo] password for z:
apparmor module is loaded.
60 profiles are loaded.
42 profiles are in enforce mode.
/snap/core/6818/usr/lib/snapd/snap-confine
/snap/core/6818/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
/usr/bin/evince
/usr/bin/evince-previewer
/usr/bin/evince-previewer//sanitized_helper
/usr/bin/evince-thumbnailer
/usr/bin/evince//sanitized_helper
/usr/bin/man
/usr/bin/pidgin
/usr/bin/pidgin//sanitized_helper
/usr/bin/totem
/usr/bin/totem-audio-preview
/usr/bin/totem-video-thumbnailer
/usr/bin/totem//sanitized_helper
/usr/lib/cups/backend/cups-pdf
/usr/lib/snapd/snap-confine
/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
/usr/sbin/apt-cacher-ng
/usr/sbin/cups-browsed
/usr/sbin/cupsd
/usr/sbin/cupsd//third_party
libreoffice-senddoc
libreoffice-soffice//gpg
libreoffice-xpdfimport
man_filter
man_groff
nvidia_modprobe
nvidia_modprobe//kmod
snap-update-ns.chromium
snap-update-ns.core
snap-update-ns.hello-world
snap-update-ns.snap-store
snap-update-ns.spotify
snap.chromium.chromedriver
snap.chromium.chromium
snap.core.hook.configure
snap.hello-world.env
snap.hello-world.evil
snap.hello-world.hello-world
snap.hello-world.sh
snap.snap-store.snap-store
snap.spotify.spotify
18 profiles are in complain mode.
/usr/bin/irssi
/usr/sbin/dnsmasq
/usr/sbin/dnsmasq//libvirt_leaseshelper
avahi-daemon
identd
klogd
libreoffice-oopslash
libreoffice-soffice
mdnsd
nmbd
nscd
ping
smbd
smbldap-useradd
smbldap-useradd///etc/init.d/nscd
syslog-ng
syslogd
traceroute
11 processes have profiles defined.
9 processes are in enforce mode.
/usr/sbin/cups-browsed (700)
/usr/sbin/cupsd (637)
/usr/lib/cups/notifier/dbus (696) /usr/sbin/cupsd
/usr/lib/cups/notifier/dbus (699) /usr/sbin/cupsd
/usr/lib/cups/notifier/dbus (704) /usr/sbin/cupsd
/snap/spotify/35/usr/share/spotify/spotify (1788) snap.spotify.spotify
/snap/spotify/35/usr/share/spotify/spotify (1930) snap.spotify.spotify
/snap/spotify/35/usr/share/spotify/spotify (1944) snap.spotify.spotify
/snap/spotify/35/usr/share/spotify/spotify (1961) snap.spotify.spotify
2 processes are in complain mode.
/usr/sbin/avahi-daemon (641) avahi-daemon
/usr/sbin/avahi-daemon (697) avahi-daemon
0 processes are unconfined but have a profile defined.
But then:
Code: Select all
z@debian:~$ hello-world.evil
Hello Evil World!
This example demonstrates the app confinement
You should see a permission denied error next
If you see this line the confinement is not working correctly, please file a bug
The Snap Store also says unconfined and I disabled the ability to play sound from Chromium using the Snap Store, but the sound still played.