Comment # 7 on bug 1089594 from Tony Yuan

I am testing the maintenance update for this mlocate package. The version is
mlocate-0.26-5.3.6.

I ran updatedb as root and got some "DENIED" on sles15-x86_64 and sles13-s390.

s15:~ # grep updatedb /var/log/audit/audit.log
type=AVC msg=audit(1536134878.010:4429): apparmor="STATUS"
operation="profile_load" profile="unconfined" name="/usr/bin/updatedb"
pid=18068 comm="apparmor_parser"
type=AVC msg=audit(1536135067.359:4436): apparmor="STATUS"
operation="profile_replace" info="same as current profile, skipping"
profile="unconfined" name="/usr/bin/updatedb" pid=18194 comm="apparmor_parser"
type=AVC msg=audit(1536135093.595:4478): apparmor="DENIED" operation="capable"
profile="/usr/bin/updatedb" pid=18357 comm="updatedb" capability=2 
capname="dac_read_search"
type=AVC msg=audit(1536135093.595:4479): apparmor="DENIED" operation="capable"
profile="/usr/bin/updatedb" pid=18357 comm="updatedb" capability=1 
capname="dac_override"


s390vsl082:~ # grep updatedb /var/log/audit/audit.log
type=AVC msg=audit(1536136495.574:42496): apparmor="STATUS"
operation="profile_load" profile="unconfined" name="/usr/bin/updatedb"
pid=50265 comm="apparmor_parser"
type=AVC msg=audit(1536136521.994:42537): apparmor="DENIED" operation="capable"
profile="/usr/bin/updatedb" pid=50426 comm="updatedb" capability=2 
capname="dac_read_search"
type=AVC msg=audit(1536136521.994:42538): apparmor="DENIED" operation="capable"
profile="/usr/bin/updatedb" pid=50426 comm="updatedb" capability=1 
capname="dac_override"
type=AVC msg=audit(1536136522.024:42539): apparmor="DENIED" operation="capable"
profile="/usr/bin/updatedb" pid=50426 comm="updatedb" capability=3 
capname="fowner"

Is there something wrong with the profile?