On 28/11/2018 03.25, Ralph wrote:
On Wed, 28 Nov 2018 03:02:59 +0100 "Carlos E. R."
wrote: I was shown a list of profiles (3?), one with wildcards, and had no idea which one even to deal with, or maybe it was all 3 to be worked. I also tried the gui version of it with same "what do I do here" result.
Just copy that screen here and I'll tell you which to choose.
There's nothing there now, after I manually edited the files as told. I'm still DENIED during fresh db access tries, as per the log I posted, but aa-logprof now just says:
dellT3620:~ # aa-logprof Reading log entries from /var/log/audit/audit.log. Updating AppArmor profiles in /etc/apparmor.d. Enforce-mode changes: dellT3620:~ #
Well, if it is apparmor, the thing to do is put the profile in complain mode and see the log. I tried your method in my desktop computer, and it works: cer@Telcontar:~> updatedb -l 0 -o /home/cer/Downloads/updatedb -U /home/cer cer@Telcontar:~> l /home/cer/Downloads/updatedb -rw-r--r-- 1 cer users 8195214 Nov 28 12:31 /home/cer/Downloads/updatedb cer@Telcontar:~> updatedb -l 0 -o /home/cer/Downloads/updatedb -U /home/cer cer@Telcontar:~> However: cer@Telcontar:~> l /home/cer/Downloads/updatedb -rw-r--r-- 1 cer users 8195258 Nov 28 12:35 /home/cer/Downloads/updatedb cer@Telcontar:~> chmod g-r,o-r /home/cer/Downloads/updatedb cer@Telcontar:~> l /home/cer/Downloads/updatedb -rw------- 1 cer users 8195258 Nov 28 12:35 /home/cer/Downloads/updatedb cer@Telcontar:~> updatedb -l 0 -o /home/cer/Downloads/updatedb -U /home/cer cer@Telcontar:~> l /home/cer/Downloads/updatedb -rw-r--r-- 1 cer users 8195323 Nov 28 12:36 /home/cer/Downloads/updatedb cer@Telcontar:~> As you can see, updatedb changes the permissions. cer@Telcontar:~> chmod g-r-x,o-r-x /home/cer/Downloads/ cer@Telcontar:~> chmod g-r,o-r /home/cer/Downloads/updatedb cer@Telcontar:~> updatedb -l 0 -o /home/cer/Downloads/updatedb -U /home/cer cer@Telcontar:~> l /home/cer/Downloads/updatedb -rw-r--r-- 1 cer users 8195347 Nov 28 12:38 /home/cer/Downloads/updatedb cer@Telcontar:~> Maybe the apparmor update does not apply to oS 42.3. I'll try later in another machine with 15.0 -- Cheers / Saludos, Carlos E. R. (from 42.3 x86_64 "Malachite" at Telcontar)