Comment # 5 on bug 1082230 from Christian Boltz

[setting component AppArmor to follow the major issue]

(In reply to Per Jessen from comment #2)
> apparmor="DENIED" operation="mknod" profile="/usr/bin/mlmmj-sub"
> name="/var/spool/mlmmj/election-officials/moderation/
> subscribe725c8faa3e83cae7"

(In reply to Per Jessen from comment #3)
> Fix apparmor:
> +  /var/spool/mlmmj/*/moderation/ rw,
> +
>  }

This rule does _not_ cover what you quote in the log event. Based on the log
event, you'll need a rule like

    /var/spool/mlmmj/election-officials/moderation/subscribe* rw,

(you didn't quote the requested permissions, so "rw" is only a guess)


> Fix mlmmj-sub:
> 
> In mlmmj-sub.c line 90-100, insert 'modfilename' before 'str' in the
> log_error() calls (2).

That sounds like a logging improvement that should be implemented upstream ;-)