[Bug 850058] New: AppArmor
https://bugzilla.novell.com/show_bug.cgi?id=850058 https://bugzilla.novell.com/show_bug.cgi?id=850058#c0 Summary: AppArmor Classification: openSUSE Product: openSUSE 13.1 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Release Notes AssignedTo: ke@suse.com ReportedBy: aplanas@suse.com QAContact: coolo@suse.com Found By: --- Blocker: --- This text is a proposal for inclusion in the release note AppArmor -------- AppArmor is enabled by default which means more security, but can cause you some troubles when running service in less expected ways. If you run into strange permission problems, try disabling it and but report bugs even if it helps, as we want to fix AppArmor profiles to include even corner cases. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850058
https://bugzilla.novell.com/show_bug.cgi?id=850058#c1
Karl Eichwalder
https://bugzilla.novell.com/show_bug.cgi?id=850058
https://bugzilla.novell.com/show_bug.cgi?id=850058#c2
--- Comment #2 from Alberto Planas Dominguez
https://bugzilla.novell.com/show_bug.cgi?id=850058
https://bugzilla.novell.com/show_bug.cgi?id=850058#c3
Karl Eichwalder
https://bugzilla.novell.com/show_bug.cgi?id=850058
https://bugzilla.novell.com/show_bug.cgi?id=850058#c4
--- Comment #4 from Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=850058
https://bugzilla.novell.com/show_bug.cgi?id=850058#c5
Christian Boltz
<title>AppArmor and Permission Settings</title> <para> AppArmor is enabled by default. This means more security, but prevent services from working, if you run them in less expected
_might_ prevent services ...
ways. If you encounter strange permission problems, try to disable AppArmor for the affected service.
... try to switch the AppArmor profile for the affected service to complain mode with "aa-complain /usr/bin/$your_service". Complain mode means: allow everything, and log things that the profile would not allow.
Even if it helps report it as a bug, because we want to fix AppArmor profiles to cover also corner cases.
I fully agree with this sentence ;-) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850058
https://bugzilla.novell.com/show_bug.cgi?id=850058#c
Karl Eichwalder
https://bugzilla.novell.com/show_bug.cgi?id=850058
https://bugzilla.novell.com/show_bug.cgi?id=850058#c
Karl Eichwalder
https://bugzilla.novell.com/show_bug.cgi?id=850058
https://bugzilla.novell.com/show_bug.cgi?id=850058#c6
--- Comment #6 from Karl Eichwalder
It's nice to find out someone adds a release notes entry without asking the affected packager ;-)
We did not want to bother you with this documentation writing stuff. But thanks for your feedback! I now propose this version based on your improvements: <sect2 id="sec.131.apparmor"> <!-- bnc#850058 --> <title>AppArmor and Permission Settings</title> <para> AppArmor is enabled by default. This means more security, but might prevent services from working, if you run them in unexpected ways. If you encounter strange permission problems, try to switch the AppArmor profile for the affected service to complain mode with: </para> <screen>aa-complain /usr/bin/$your_service</screen> <para> Complain mode means: allow everything, and log things that the profile would not allow. </para> <para> Even if it helps report it as a bug! We want to fix AppArmor profiles to cover also corner cases. </para> </sect2> -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850058
https://bugzilla.novell.com/show_bug.cgi?id=850058#c7
--- Comment #7 from Christian Boltz
We did not want to bother you with this documentation writing stuff.
You had one chance to bother me with something, while I'm constantly bothering you with bug reports against the release notes. In your place, I'd have taken this chance (even if it was only for "Rache ist süß"[1] ;-) - you never know when you'll get another chance ;-) That said - the improved text looks good :-) [1] Lars is quite good at that - often it's like "thanks for your bugreport, and BTW, the samba profile needs to allow access to..." ;-) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=850058
https://bugzilla.novell.com/show_bug.cgi?id=850058#c8
Karl Eichwalder
https://bugzilla.novell.com/show_bug.cgi?id=850058
https://bugzilla.novell.com/show_bug.cgi?id=850058#c9
--- Comment #9 from Swamp Workflow Management
participants (1)
-
bugzilla_noreply@novell.com