On 07/18/2011 02:54 PM, Christian Boltz wrote:
Hello,
on Montag, 18. Juli 2011, Bruno Friedmann wrote:
On 07/18/2011 10:07 AM, Christian Boltz wrote:
on Montag, 18. Juli 2011, Bruno Friedmann wrote:
Jul 17 21:33:42 localhost su: pam_apparmor(su-l:session): Unknown error occurred changing to postgres hat: Operation not permitted
Does your /var/log/audit/audit.log contain useful hints? It might be that you "just" have a too strict profile...
http://dl.dropbox.com/u/13333867/openSUSE/factory_pam-apparmor_errors.audit....
I didn't touch the profile of apparmor, just the full plain default after a factory 12.1 M3 install
Quoting some lines from your audit.log:
type=AVC msg=audit(1310976216.909:29): apparmor="DENIED" operation="change_hat" info="unconfined" error=-1 pid=2099 comm="su" type=AVC msg=audit(1310976249.728:30): apparmor="DENIED" operation="change_hat" info="unconfined" error=-1 pid=3612 comm="login" type=AVC msg=audit(1310978281.361:30): apparmor="DENIED" operation="change_hat" info="unconfined" error=-1 pid=3096 comm="kdm"
Looks like my guess was correct ;-)
Please - run cp -a /etc/apparmor.d /etc/apparmor.d_ORIG - run aa_logprof and allow the requested permissions - run diff -ru /etc/apparmor.d_ORIG/ /etc/apparmor.d/ > /tmp/apparmor.diff - open a bugreport, attach /tmp/apparmor.diff and your audit.log. Please CC me (just type "cboltz" in the CC field) or tell me the bug number.
Regards,
Christian Boltz
Hi Christian, I've not forget, just a yet another damned busy week :-) After pushing your recommendations I get this aa-logprof Reading log entries from /var/log/audit/audit.log. Updating AppArmor profiles in /etc/apparmor.d. c-3po:~ # cat /tmp/apparmor.diff Which suppose aren't really helpful ... Did one of the week update in factory fix it The most annoying, is when I try to setup something in Yast2 actually, I've errors like frontend & backend not synchronized etc... I will try to purge app_armor, then setup it again just to be sure. But this install is quite new and I normally doesn't touch anything in it. -- Bruno Friedmann Ioda-Net Sàrl www.ioda-net.ch openSUSE Member & Ambassador GPG KEY : D5C9B751C4653227 irc: tigerfoot -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org