What | Removed | Added |
---|---|---|
CC | asn@cryptomilk.org | |
Flags | needinfo?(asn@cryptomilk.org) |
The aa_change_hat manpage (only in bzr trunk, so you don't have it yet) describes what could possibly cause this: EPERM The calling application is not confined by apparmor, the specified subprofile is not a hat profile, the task is being ptraced and the tracing task does not have permission to trace the specified subprofile or the no_new_privs execution bit is enabled. After some discussion on upstream IRC, I'd like to ask for some more information ;-) - please attach: - the aa-status output in working and failing state - the exact apparmor_parser command you use (just to be sure you are using the right command ;-) - audit.log from the time this error happened (there should be a message about this error) - your apache profile - the result of grep -r -C3 HANDLING_UNTRUSTED_INPUT /etc/apparmor.d/