Hello, on Dienstag, 20. September 2011, Roger Luedecke wrote:
AppArmor notifier (aanotify?)
It's "aa-notify" and, well, the new feature is that it is really working ;-) At least mostly - while answering your mail, I discovered a small bug. I have to thank you for asking, because this might have been unnoticed otherwise. Short HowTo to get aa-notify working: - edit /etc/apparmor/notify.conf and change "use_group=" to a group where your user is a member - "users" will of course work, but you might want to create a separate group or use the "trusted" group. (If you are not a member of the specified group, aa-notify will abort with "ERROR: '$user' must be in '$specified_group' group. Aborting".) - optional, but useful (especially if you want aa-notify autostarted at login): setup sudo to allow running aa-notify without entering the root password (using visudo or the YaST2 sudo module) - start aa-notify using sudo: sudo HOME="$HOME" DISPLAY="$DISPLAY" /usr/sbin/aa-notify -p This is also where I found the bug mentioned above - sudo drops lots of environment variables for security reasons. In practise, it drops too many of them and breaks aa-notify :-( To be exact, it breaks /usr/bin/notify-send because it can no longer connect to DBUS to display the notification. I just did a nice debugging session with John Johansen (one of the AppArmor developers) on IRC - comparing the env variables to those he got on Ubuntu with sudo finally got me on the right track after two hours. And as a side effect, we discovered that openSUSE's sudo on 11.4 misbehaves when using the -i option (reported as bug 720181). I submitted a patch for aa-notify upstream that restores the HOME and DISPLAY environment variables as good as possible ($HOME is easy, but I had to hardcode $DISPLAY to :0 if not set), so this should be fixed soon. When the fix is in the openSUSE package, you can just run sudo aa-notify -p (or sudo DISPLAY=':123' aa-notify -p if you need a different $DISPLAY) You can also start aa-notify after running "su", but then you have to specify your username: su # check that $HOME and $DISPLAY point to $YOUR_USERNAME's values aa-notify -p -u $YOUR_USERNAME Regards, Christian Boltz -- [...] dabei habe ich extra mutt benutzt! :-) Taugt wohl auch nichts, das Teil... *duck + renn* [Thomas Hertweck in suse-linux] -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org