> IMHO there are two things that should be fixed: > > a) in AppArmor: I'll either "downgrade" the error to a warning saying > Ignoring log event for non-existing profile $name, even if the > profile file exists (different profile name?) > or simply silently ignore events for non-existing profiles since that is > what happens for all non-existing profiles not matching this corner case. > > b) in the openQA tests: unload the profile before you delete the profile file > to ensure you have a clean test setup: > > apparmor_parser -R /tmp/apparmor.d/usr.sbin.nscd > rm /tmp/apparmor.d/usr.sbin.nscd > cp -a /etc/apparmor.d/ /tmp/apparmor.d/ > apparmor_parser -r /tmp/apparmor.d/ # reload profiles > > nscd will run unconfined after that, but you are stopping it anyway. > (And sadly, openQA will no longer cover that corner case it accidently > covered ;-) Thank you so much for the fixing suggestions for openQA tests, we have opened 2 poo to enhance our test cases. FYI: [sle][security][sle15sp1] apparmor aa_autodep & aa_genprof tests need doing cleanup (https://progress.opensuse.org/issues/45980) [sle][security][sle15sp1] apparmor aa_enforce test needs to be updated to match new behavior in Tumblewwed (https://progress.opensuse.org/issues/45635#change-178487)