http://bugzilla.opensuse.org/show_bug.cgi?id=1210217

            Bug ID: 1210217
           Summary: aa-logprof doesn't see a DENIED in dnsmasq service.
    Classification: openSUSE
           Product: openSUSE Distribution
           Version: Leap 15.4
          Hardware: Other
                OS: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: AppArmor
          Assignee: suse-beta@cboltz.de
          Reporter: carlos.e.r@opensuse.org
        QA Contact: qa-bugs@suse.de
          Found By: ---
           Blocker: ---

I configured this line in /etc/dnsmasq.conf:

resolv-file=/run/NetworkManager/no-stub-resolv.conf

and restarted the service, which complained:

Apr 06 12:40:22 Laicolasse.valinor dnsmasq[20083]: failed to read /run/NetworkManager/no-stub-resolv.conf: Permission denied

However, aa-logprof said nothing:

Laicolasse:~ # aa-logprof
Updating AppArmor profiles in /etc/apparmor.d.
Reading log entries from /var/log/audit/audit.log.
Enforce-mode changes:

Laicolasse:~ #

Yet, the event was there:

type=AVC msg=audit(1680777622.544:321): apparmor="DENIED" operation="open" class="file" profile="dnsmasq" name="/run/NetworkManager/no-stub-resolv.conf" pid=20083 comm="dnsmasq" requested_mask="r" denied_mask="r" fsuid=480 ouid=0

I got the service working after adding this line to /etc/apparmor.d/local/usr.sbin.dnsmasq:

/run/NetworkManager/no-stub-resolv.conf r,

and "systemctl restart apparmor.service".

Machine is a freshly installed laptop with 15.4.
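
When aa-logprof reports nothing, the denial can still be read from the audit log directly. The following is an added example, not part of the original report or of the AppArmor tools: a small parser that lists DENIED path events per profile as candidate rules to review before adding them to a local profile file. The function names and the second sample log line are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the AVC record from the report plus an unrelated audit line.
SAMPLE_LOG = (
    'type=AVC msg=audit(1680777622.544:321): apparmor="DENIED" operation="open" '
    'class="file" profile="dnsmasq" name="/run/NetworkManager/no-stub-resolv.conf" '
    'pid=20083 comm="dnsmasq" requested_mask="r" denied_mask="r" fsuid=480 ouid=0\n'
    "type=SERVICE_START msg=audit(1680777623.000:322): pid=1 uid=0 "
    "msg='unit=dnsmasq comm=\"systemd\" res=success'\n"
)

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')
SIMPLE_MASK = set("rwaklm")  # permissions that can be copied into a rule as-is

def decode(raw):
    """Strip quotes; audit hex-encodes values that contain spaces or quotes."""
    if raw.startswith('"'):
        return raw[1:-1]
    try:
        return bytes.fromhex(raw).decode()
    except ValueError:
        return raw

def parse_avc(line):
    """Return the raw fields of an AppArmor AVC record, or None for other lines."""
    if not line.startswith("type=AVC") or "apparmor=" not in line:
        return None
    return dict(KV.findall(line))

def denied_file_rules(log_text):
    """Map profile -> sorted candidate rules for DENIED events that name a path."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        f = parse_avc(line)
        if not f or decode(f["apparmor"]) != "DENIED" or "name" not in f:
            continue
        profile = decode(f.get("profile", '"unknown"'))
        path, mask = decode(f["name"]), decode(f.get("denied_mask", ""))
        if mask and set(mask) <= SIMPLE_MASK:
            rules[profile].add(f"{path} {mask},")
        else:  # e.g. "x" needs an exec qualifier chosen by a human
            rules[profile].add(f"# review: {path} denied_mask={mask}")
    return {p: sorted(r) for p, r in rules.items()}

if __name__ == "__main__":
    for profile, lines in denied_file_rules(SAMPLE_LOG).items():
        print(profile, *lines, sep="\n  ")
```

For the record quoted in the report this yields the same rule the reporter added by hand; the output is a list of candidates to review, not something to append to a profile unchecked.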