https://bugzilla.novell.com/show_bug.cgi?id=426159

           Summary: "deny" rules enforced even if profile is in complain mode
           Product: openSUSE 11.0
           Version: Final
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Critical
          Priority: P5 - None
         Component: AppArmor
        AssignedTo: jjohansen@novell.com
        ReportedBy: suse-beta@cboltz.de
         QAContact: qa@suse.de
          Found By: ---

I just learned the hard way that "deny" rules are enforced even if a profile
is in complain mode.

Reproducer:

root@cboltz:~> cat /etc/apparmor.d/tmp.testscript
# Last Modified: Sun Sep 14 15:17:11 2008
#include <tunables/global>
/tmp/testscript flags=(complain) {
  #include <abstractions/base>
  #include <abstractions/bash>

  deny /tmp/testfile a,

  /bin/bash rix,
  /dev/tty rw,
  /tmp/testscript r,
}
root@cboltz:~> LANG=C /tmp/testscript
/tmp/testscript: line 2: /tmp/testfile: Permission denied
root@cboltz:~> cat /tmp/testscript
#!/bin/bash
echo "hello world" >> /tmp/testfile
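A static check for the situation reported above, as an added example that is not part of the original bug report: it scans profile text for blocks whose header carries flags=(complain) and lists the deny rules inside them, which per this report are still enforced. The function name and the second sample profile are constructed, and only flags written in the profile file are considered (an assumption; a mode set at load time is not visible here).

```python
import re

# Profile header carrying flags, e.g. "/tmp/testscript flags=(complain) {"
HEADER = re.compile(r'^(?:profile\s+)?(\S+)[^{#]*?flags=\(([^)]*)\)\s*\{')
# Deny rule, optionally prefixed with "audit", ending in a comma
DENY = re.compile(r'^(?:audit\s+)?deny\s+(.+?),\s*(?:#.*)?$')

def complain_profiles_with_deny(text):
    """Map each complain-mode profile name to the deny rules in its block."""
    findings = {}
    stack = []  # one (name, is_complain) entry per open block
    for line in text.splitlines():
        s = line.strip()
        if not s or s.startswith('#'):   # blank, comment or #include
            continue
        m = HEADER.match(s)
        if m:
            flags = {f.strip() for f in m.group(2).split(',')}
            stack.append((m.group(1), 'complain' in flags))
        elif s.endswith('{'):            # block without flags: not complain here
            stack.append((s.rstrip('{').strip(), False))
        elif s.startswith('}'):
            if stack:
                stack.pop()
        else:
            d = DENY.match(s)
            if d and stack and stack[-1][1]:
                findings.setdefault(stack[-1][0], []).append(d.group(1))
    return findings

# First profile is the one from the report; the second is constructed.
SAMPLE = """
#include <tunables/global>
/tmp/testscript flags=(complain) {
  #include <abstractions/base>
  deny /tmp/testfile a,
  /bin/bash rix,
  /usr/{bin,sbin}/tool r,
}
/usr/bin/example {
  deny /etc/shadow r,
}
"""

if __name__ == "__main__":
    for name, rules in complain_profiles_with_deny(SAMPLE).items():
        for rule in rules:
            print(f"{name}: complain mode, but still enforced: deny {rule}")
```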