http://bugzilla.novell.com/show_bug.cgi?id=510740
User suse-beta@cboltz.de added comment
http://bugzilla.novell.com/show_bug.cgi?id=510740#c2
Christian Boltz changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEEDINFO |NEW
Info Provider|suse-beta@cboltz.de |
--- Comment #2 from Christian Boltz 2009-10-16 01:44:32 CEST ---
I just tested this on three 11.1 servers - two (always) show the error message
on a "rcapparmor restart", the other never does (tested 5 times on each server
to be sure it happens every time).
/sys/kernel/security is mounted on all servers - this probably means there _is_
another way that causes this error message ;-)
Thinking about it, the two servers that show the error message share nearly the
same set of profiles. I just addded some debugging code and found out it only
happens on my /usr/lib/postfix/local profile.
/usr/lib/postfix/local {
#include
[...]
profile "^/usr/lib/postfix/local " {
/usr/lib/mailman/mail/mailman Px,
}
}
Needless to say that this sub-profile looks a bit strange. I especially wonder
about the space at the end of the name. (The question why this sub-profile
exists at all is another issue, but I have no idea about this.)
After running "rcapparmor stop", the strange subprofile is still loaded:
# cat /sys/kernel/security/apparmor/profiles
/usr/lib/postfix/local//^/usr/lib/postfix/local (enforce)
The script echo's "/usr/lib/postfix/local//^/usr/lib/postfix/local" (without
space!) to /sys/kernel/security/apparmor/.remove
I just verified that this really causes the error message by removing the
sub-profile and calling echo -n
'/usr/lib/postfix/local//^/usr/lib/postfix/local ' >
/sys/kernel/security/apparmor/.remove
Now rcapparmor restart works without the error message.
-> the space must be lost somewhere - maybe there's variable quoting missing
somewhere in the script.
--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.