Am Dienstag, 2. April 2019, 17:43:14 CEST schrieb Johannes Weberhofer:
Am 01.04.19 um 23:42 schrieb Carlos E. R.:
> That posses a question of mine: How can I find
out what I modified
> on the profiles?
> For two reasons: move them to /etc/apparmor.d/local or report them.
> If I don't take notes at the time, I can't later find out what I did
I'm afraid that's not as easy as it should be. Currently the easiest way
is to keep track of the changes (for example save what "View changes"
displays). If it's already "too late" and you have changed the profiles
already, you can download the RPM (rpm -qf /etc/apparmor.d/$profile,
"apparmor-profiles" for most profiles), extract the profiles and diff
them to your version.
One item I have on my TODO list for upstream AppArmor for a while is to
change aa-logprof - ideally it should write to the local/ file instead
of the main profile.
The problem is that my TODO list isn't short, and that there are "a few"
other things I want to do do first to make this change easier.
That said - if you or someone else wants to help, that's more than
welcome ;-) Knowing python would be helpful, but if you know any
programming language, learning python probably isn't hard.
Thanks for your support. I have tried to switch
status settings for the profiles which didn't help. However, after a
reboot of the machine now everything works. I don't have a glue what
actually went wrong before.
What does grep DENIED /var/log/audit/audit.log say?
(maybe also check audit.log* if it got rotated away)
Backups should be done with tar to a 9 track tape, as the computer gods
intended. ;-) [James Knott in opensuse-factory]
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org