Mailinglist Archive: opensuse-factory (1264 mails)

< Previous Next >
Re: [opensuse-factory] Features making it into 12.1 for blog
  • From: Ludwig Nussel <ludwig.nussel@xxxxxxx>
  • Date: Mon, 26 Sep 2011 16:24:30 +0200
  • Message-id: <4E808B1E.8080302@suse.de>
Christian Boltz wrote:
Short HowTo to get aa-notify working:

- edit /etc/apparmor/notify.conf and change "use_group=" to a group
where your user is a member - "users" will of course work, but you
might want to create a separate group or use the "trusted" group.
(If you are not a member of the specified group, aa-notify will abort
with "ERROR: '$user' must be in '$specified_group' group. Aborting".)

- optional, but useful (especially if you want aa-notify autostarted at
login): setup sudo to allow running aa-notify without entering the
root password (using visudo or the YaST2 sudo module)

- start aa-notify using sudo:

sudo HOME="$HOME" DISPLAY="$DISPLAY" /usr/sbin/aa-notify -p

This is also where I found the bug mentioned above - sudo drops lots
of environment variables for security reasons. In practise, it drops
too many of them and breaks aa-notify :-(

IOW aa-notify is either broken by design or not meant to be run as user.
A better solution would be to have a dbus system service that can read
the audit log or even subscribe to events directly. The UI would run in
the user's session and connect to that system service. To restrict who
can read the events policykit can be used.

cu
Ludwig

--
(o_ Ludwig Nussel
//\
V_/_ http://www.suse.de/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB
16746 (AG Nürnberg)
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups