[Bug 850058] New: AppArmor
https://bugzilla.novell.com/show_bug.cgi?id=850058 https://bugzilla.novell.com/show_bug.cgi?id=850058#c0 Summary: AppArmor Classification: openSUSE Product: openSUSE 13.1 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Release Notes AssignedTo: ke@suse.com ReportedBy: aplanas@suse.com QAContact: coolo@suse.com Found By: --- Blocker: --- This text is a proposal for inclusion in the release note AppArmor -------- AppArmor is enabled by default which means more security, but can cause you some troubles when running service in less expected ways. If you run into strange permission problems, try disabling it and but report bugs even if it helps, as we want to fix AppArmor profiles to include even corner cases. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850058 https://bugzilla.novell.com/show_bug.cgi?id=850058#c1 Karl Eichwalder <ke@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium Status|NEW |ASSIGNED --- Comment #1 from Karl Eichwalder <ke@suse.com> 2013-11-12 17:01:47 CET --- My proposal: <title>AppArmor and Permission Settings</title> <para> AppArmor is enabled by default. This means more security, but prevent services from working, if you run them in less expected ways. If you encounter strange permission problems, try to disable AppArmor for the affected service. Even if it helps report it as a bug, because we want to fix AppArmor profiles to cover also corner cases. </para> -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850058 https://bugzilla.novell.com/show_bug.cgi?id=850058#c2 --- Comment #2 from Alberto Planas Dominguez <aplanas@suse.com> 2013-11-12 16:07:06 UTC --- This is more clear now. Thanks. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850058 https://bugzilla.novell.com/show_bug.cgi?id=850058#c3 Karl Eichwalder <ke@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Blocks| |850258 Resolution| |FIXED --- Comment #3 from Karl Eichwalder <ke@suse.com> 2013-11-13 15:20:11 CET --- done. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850058 https://bugzilla.novell.com/show_bug.cgi?id=850058#c4 --- Comment #4 from Swamp Workflow Management <swamp@suse.de> 2013-11-19 15:06:24 UTC --- openSUSE-RU-2013:1731-1: An update that has 9 recommended fixes can now be installed. Category: recommended (low) Bug References: 847801,849112,850052,850053,850054,850056,850057,850058,850258 CVE References: Sources used: openSUSE 13.1 (src): release-notes-openSUSE-13.1.7-10.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850058 https://bugzilla.novell.com/show_bug.cgi?id=850058#c5 Christian Boltz <suse-beta@cboltz.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED CC| |suse-beta@cboltz.de Resolution|FIXED | --- Comment #5 from Christian Boltz <suse-beta@cboltz.de> 2013-11-23 22:44:40 CET --- It's nice to find out someone adds a release notes entry without asking the affected packager ;-) In general I agree with the text, but I'd like to add some details to make it more helpful. (In reply to comment #1)
<title>AppArmor and Permission Settings</title> <para> AppArmor is enabled by default. This means more security, but prevent services from working, if you run them in less expected
_might_ prevent services ...
ways. If you encounter strange permission problems, try to disable AppArmor for the affected service.
... try to switch the AppArmor profile for the affected service to complain mode with "aa-complain /usr/bin/$your_service". Complain mode means: allow everything, and log things that the profile would not allow.
Even if it helps report it as a bug, because we want to fix AppArmor profiles to cover also corner cases.
I fully agree with this sentence ;-) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850058 https://bugzilla.novell.com/show_bug.cgi?id=850058#c Karl Eichwalder <ke@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |852179 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850058 https://bugzilla.novell.com/show_bug.cgi?id=850058#c Karl Eichwalder <ke@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |ASSIGNED -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850058 https://bugzilla.novell.com/show_bug.cgi?id=850058#c6 --- Comment #6 from Karl Eichwalder <ke@suse.com> 2013-12-03 17:33:10 CET --- (In reply to comment #5)
It's nice to find out someone adds a release notes entry without asking the affected packager ;-)
We did not want to bother you with this documentation writing stuff. But thanks for your feedback! I now propose this version based on your improvements: <sect2 id="sec.131.apparmor"> <!-- bnc#850058 --> <title>AppArmor and Permission Settings</title> <para> AppArmor is enabled by default. This means more security, but might prevent services from working, if you run them in unexpected ways. If you encounter strange permission problems, try to switch the AppArmor profile for the affected service to complain mode with: </para> <screen>aa-complain /usr/bin/$your_service</screen> <para> Complain mode means: allow everything, and log things that the profile would not allow. </para> <para> Even if it helps report it as a bug! We want to fix AppArmor profiles to cover also corner cases. </para> </sect2> -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850058 https://bugzilla.novell.com/show_bug.cgi?id=850058#c7 --- Comment #7 from Christian Boltz <suse-beta@cboltz.de> 2013-12-03 19:02:13 CET --- (In reply to comment #6)
We did not want to bother you with this documentation writing stuff.
You had one chance to bother me with something, while I'm constantly bothering you with bug reports against the release notes. In your place, I'd have taken this chance (even if it was only for "Rache ist süß"[1] ;-) - you never know when you'll get another chance ;-) That said - the improved text looks good :-) [1] Lars is quite good at that - often it's like "thanks for your bugreport, and BTW, the samba profile needs to allow access to..." ;-) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850058 https://bugzilla.novell.com/show_bug.cgi?id=850058#c8 Karl Eichwalder <ke@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED --- Comment #8 from Karl Eichwalder <ke@suse.com> 2013-12-04 14:44:20 CET --- ok :) Fixed in SVN. To be release next week, together with the translations. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850058 https://bugzilla.novell.com/show_bug.cgi?id=850058#c9 --- Comment #9 from Swamp Workflow Management <swamp@suse.de> 2013-12-16 14:07:35 UTC --- openSUSE-RU-2013:1887-1: An update that has four recommended fixes can now be installed. Category: recommended (low) Bug References: 849449,850058,851083,851588 CVE References: Sources used: openSUSE 13.1 (src): release-notes-openSUSE-13.1.9-29.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com