Am Samstag, 25. November 2017 schrieb Knurpht - Gertjan Lettink:
There are indeed "DENIED lines" re. docker
and containerd in the
audit.log. Can't miss the server today, but will check tomorrow and
file a bug against apparmor.
I'll happily reassign it to the docker maintainer - but nevertheless,
please first report it against AppArmor and assign it to me.
Will testing with apparmor disabled be useful ?
Please use aa-complain /etc/apparmor.d/usr.sbin.docker (assuming
that's the profile filename - adjust as needed, and repeat for
containerd) to switch the profile to complain mode. This will allow
everything and log things that wouldn't be allowed by the profile.
Then use Docker as usual and check the audit.log for entries.
Note that the log lines contain apparmor="ALLOWED" for profiles in
BTW: the kernels that are currently building in Kernel:HEAD include the
fix for boo#1069562
There is a limit to the value of statistics.
After all, there are lies, damn lies, and statistics.
[Richard Brown in opensuse-project]
To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org