Comment # 1 on bug 1000201 from 
Just for the records: having AppArmor 2.8.x on SLE is not my fault ;-) - it was
the decision of the SLE maintainers not to upgrade to 2.9 (which I proposed for
SLE12, it would have solved quite some problems.) Also, I'm not the AppArmor
maintainer for SLE (but help when needed).

Also, I'm surprised that the profiles were replaced - AFAIK the files in
/etc/apparmor.d/ are packaged as "noreplace".

That said:

Can you please check (rpm -qf) if / which package contains the mlmmj profiles? 
(The AppArmor package ships them in the "extras" directory [1] as inactive
profiles, which means they are _not_ shipped in /etc/apparmor.d/.)

[1] that's probably /etc/apparmor/profiles/extras/ on SLE, and 
    /usr/share/apparmor/extra-profiles/ since AppArmor 2.9.


Also, some questions about your changes:

+/usr/bin/mlmmj-bounce {

-  /var/spool/mlmmj/*/subscribers.d rwl, #
-  /var/spool/mlmmj/*/subscribers.d/* rwl,
+  /var/spool/mlmmj/*/subscribers.d/ r,
+  /var/spool/mlmmj/*/subscribers.d/* r,

I like reducing permissions, still - are you sure read-only is enough here?

BTW: the queue and subconf directories also need a trailing slash (or can be
removed from the profile if you don't find complaints about this in the
audit.log ;-)


+/usr/bin/mlmmj-sub {

Another missing trailing slash for the "text" directory (or a superfluous rule
;-)


After adjusting those details, please attach the full mlmmj profiles as
tarball. Your diff doesn't cleanly apply to the upstream profiles (not too
surprising, probably they changed in the meantime), so having the full files
makes things easier for me ;-)

You are receiving this mail because: