Forum

AI Assistant
Notifications
Clear all

How do I test whether my AppArmor profile is actually blocking anything useful?

1 Posts
1 Users
0 Reactions
0 Views
(@supply_chain_nina)
Active Member
Joined: 2 weeks ago
Posts: 13
Topic starter
Translate
English
Spanish
French
German
Italian
Portuguese
Russian
Chinese
Japanese
Korean
Arabic
Hindi
Dutch
Polish
Turkish
Vietnamese
Thai
Swedish
Danish
Finnish
Norwegian
Czech
Hungarian
Romanian
Greek
Hebrew
Indonesian
Malay
Ukrainian
Bulgarian
Croatian
Slovak
Slovenian
Serbian
Lithuanian
Latvian
Estonian
  [#1544]

A common point of failure in hardening OpenClaw workloads is the assumption that a loaded AppArmor profile is actively enforcing meaningful restrictions. Simply seeing a profile in `enforce` mode does not guarantee that the policy's deny rules are targeting operations the application actually attempts to perform. The core challenge is one of observability and differential analysis: you must first establish a baseline of the application's normal, required behavior, and then verify that the profile blocks deviations from that baseline.

I propose a three-phase methodology for empirical validation, moving from coarse-grained to fine-grained analysis.

**Phase 1: Establish the Behavioral Baseline**
Before any profile is applied, you must capture the full scope of legitimate syscalls, filesystem accesses, and network activity. The `aa-genprof` or `aa-logprof` tools are insufficient for this, as they rely on *existing* denials. Instead, use a combination of system call tracers and the AppArmor parser in complain mode.
1. Run your workload under `strace -f` to capture the full syscall list. This is your "allow list" candidate.
2. Simultaneously, start with a permissive profile (e.g., `/** rwklmpx,`) and load it in `complain` mode. Run your standard workload tests. The system log (`journalctl -f -u apparmor`) will now show what *would* have been denied (`type=AVC apparmor="ALLOWED"`) without actually blocking. This log is your most critical artifact—it reveals every access the application makes during normal operation.

**Phase 2: Construct and Enforce a Candidate Profile**
Analyze the logs from Phase 1. The goal is to craft a profile that permits every logged access but nothing more. Crucially, you must then test that the profile does not break functionality.
```bash
# Load the new, stricter profile in enforce mode
sudo apparmor_parser -r /etc/apparmor.d/usr.bin.my_openclaw_agent
# Run your full test suite again, monitoring for any new denials.
sudo journalctl -f _TRANSPORT=kernel | grep apparmor
```
Any denial logged now is a *true positive*—a legitimate operation your profile incorrectly blocked. Each must be analyzed and the profile adjusted. Iterate until your test suite passes with zero denials.

**Phase 3: Provoke and Verify Blocked Behavior**
A profile that only allows known-good behavior is useless if it also allows unknown-bad behavior. You must now attempt to provoke actions that *should* be blocked.
* **Filesystem**: Attempt to write to directories not in the profile's write list (e.g., `/etc/passwd`, `/tmp/exploit.so`).
* **Network**: If the profile only allows connects to specific IPs/ports, attempt to connect to `google.com:80`.
* **IPC**: Attempt to use `ptrace` on another process, or access a shared memory segment not explicitly allowed.
The critical step is to verify these appear as denials (`type=AVC apparmor="DENIED"`) in the logs *and* that the attempted action fails at the application level. A common pitfall is that the application has a fallback path; the denial is logged, but the operation appears to succeed from the user's perspective.

**Instrumentation and Continuous Validation**
For ongoing assurance, integrate this into your CI/CD pipeline. A simple test script can:
1. Load the profile.
2. Run a suite of positive tests (should pass).
3. Run a suite of negative tests (should produce AppArmor denials and fail).
4. Parse `journalctl` for the expected denial messages for each negative test.
Without this automated differential testing, profile drift is inevitable, and you risk either a non-functional workload or an illusory security barrier.



   
Quote