Question 1

How to install Bane on Ubuntu?

Accepted Answer

Download the binary from the GitHub releases page or install via Go with 'go get github.com/genuinetools/bane'. Ensure AppArmor is installed and enabled on your system for it to work properly.

Question 2

What's the difference between Bane and Docker's default AppArmor profile?

Accepted Answer

Docker's default profile is generic and relatively permissive, while Bane allows creating custom, restrictive profiles tailored to specific containers. This reduces attack surfaces by blocking unnecessary capabilities like raw sockets or shell access, as shown in the sample malicious activity tests.

Question 3

Can Bane be used with Kubernetes?

Accepted Answer

Bane is designed for Docker containers and isn't natively integrated with Kubernetes. You might manually generate profiles and apply them to Docker runtimes within Kubernetes nodes, but this requires extra setup and isn't straightforward for dynamic orchestration.

Question 4

How to debug AppArmor denials when using Bane?

Accepted Answer

Use the LogOnWritePaths feature in your TOML config to log write operations, and check system logs (e.g., dmesg or journalctl) for AppArmor audit messages. This helps identify which paths or actions are being denied, as illustrated in the README's dmesg output.

Question 5

Bane or manual AppArmor profiles: which is better for security?

Accepted Answer

Bane simplifies the process by using TOML configs instead of raw AppArmor syntax, reducing human error. However, both require security expertise to configure correctly; manual profiles offer more granular control, while Bane trades some flexibility for ease of use.

Question 6

How to create a custom profile for a MySQL container with Bane?

Accepted Answer

Define a TOML file with allowed paths like /var/lib/mysql, necessary capabilities (e.g., network access), and use 'bane yourconfig.toml' to generate and install the profile. Then run Docker with --security-opt='apparmor:your-profile-name' to apply it.

bane

What is bane?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions