Christian Boltz wrote:
Short HowTo to get aa-notify working:
- edit /etc/apparmor/notify.conf and change "use_group=" to a group where your user is a member - "users" will of course work, but you might want to create a separate group or use the "trusted" group. (If you are not a member of the specified group, aa-notify will abort with "ERROR: '$user' must be in '$specified_group' group. Aborting".)
- optional, but useful (especially if you want aa-notify autostarted at login): setup sudo to allow running aa-notify without entering the root password (using visudo or the YaST2 sudo module)
- start aa-notify using sudo:
sudo HOME="$HOME" DISPLAY="$DISPLAY" /usr/sbin/aa-notify -p
This is also where I found the bug mentioned above - sudo drops lots of environment variables for security reasons. In practise, it drops too many of them and breaks aa-notify :-(
IOW aa-notify is either broken by design or not meant to be run as user. A better solution would be to have a dbus system service that can read the audit log or even subscribe to events directly. The UI would run in the user's session and connect to that system service. To restrict who can read the events policykit can be used. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org