https://bugzilla.novell.com/show_bug.cgi?id=426159 User suse-beta@cboltz.de added comment https://bugzilla.novell.com/show_bug.cgi?id=426159#c2 Christian Boltz <suse-beta@cboltz.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW Info Provider|suse-beta@cboltz.de | --- Comment #2 from Christian Boltz <suse-beta@cboltz.de> 2008-09-16 05:17:53 MDT --- I'm fine with logprof not prompting for already deni'ed permissions. That's why the deny rule is there ;-) I don't really care if rejects for deny rules are logged in complain mode or not. It's up to you to decide. But: The current behaviour (enforce deny rules if the profile is in complain mode) is very unexpected and problematic. In my case, I had a single deny rule in my apache profile (complain mode). It turned out to be the wrong one - apache couldn't open a logfile and died at reload after logrotation :-( IMHO the only needed change is: if a profile is in complain mode, then deny rules should not be enforced. I also think that this is the definition of complain mode: do _not_ really restrict the program, just look at it while doing its job. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.