Hello,

On Wednesday, 28 November 2018, 03:25:44 CET, Ralph wrote:
> There's nothing there now, after I manually edited the files as told. I'm still DENIED during fresh db access tries, as per the log I posted, but aa-logprof now just says:
>
> dellT3620:~ # aa-logprof
> Reading log entries from /var/log/audit/audit.log.
> Updating AppArmor profiles in /etc/apparmor.d.
> Enforce-mode changes:
> dellT3620:~ #
That means the profiles now allow everything you have in the audit.log, but for some reason the kernel doesn't know the updated profiles. [1]

Did you run "rcapparmor reload" after editing the profiles?

If "rcapparmor reload" doesn't help, please paste the output of the following commands:

    grep -r /usr/bin/updatedb /etc/apparmor.d/
    grep -r /usr/bin/locate /etc/apparmor.d/
    grep -r /home/rsil/Downloads/rsildb /etc/apparmor.d/

(My guess is that you might have a backup copy of the original profile, which gets loaded after the updated profile and replaces it.)

Regards,

Christian Boltz

[1] There's also the option that aa-logprof doesn't understand some of your audit.log entries, but this isn't the case here - file events are fully supported.

-- 
Yeah, I always need to have a sick bag handy when thinking about web apps ;-) [Ludwig Nussel in opensuse-packaging]
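The guess in the reply above (a leftover backup copy declaring the same profile as the edited file) can be checked directly. This is an added example, not part of the original mail: the helper name `find_duplicate_profiles`, the `.bak` file name and the demo rules are constructed, and it assumes profile headers of the form `/path {` or `profile /path {`, optionally with `flags=(...)`.

```shell
#!/bin/sh
# Added example (not from the original mail): report every profile path that
# is declared in more than one file directly under an AppArmor profile
# directory, e.g. an edited profile plus a leftover backup copy.
# Assumption: headers look like "/path {" or "profile /path {", optionally
# with flags=(...). Named profiles ("profile name /path {") are not handled.

# find_duplicate_profiles DIR  (hypothetical helper name)
# Prints one line per duplicated path: "<path>: <file> <file> ..."
find_duplicate_profiles() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue    # skip abstractions/, tunables/, ...
        awk '
            /^[ \t]*#/ { next }    # comments and #include lines
            /^(profile[ \t]+)?\/[^ \t]+([ \t]+flags=[(][^)]*[)])?[ \t]*[{][ \t]*$/ {
                path = ($1 == "profile") ? $2 : $1
                print path "\t" FILENAME
            }
        ' "$f"
    done | awk -F '\t' '
        { files[$1] = files[$1] " " $2; count[$1]++ }
        END { for (p in count) if (count[p] > 1) print p ":" files[p] }
    ' | sort
}

# Constructed demo: run the script with --demo to check a throwaway directory.
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d)
    printf '/usr/bin/updatedb {\n  /home/rsil/Downloads/rsildb rw,\n}\n' \
        > "$d/usr.bin.updatedb"
    cp "$d/usr.bin.updatedb" "$d/usr.bin.updatedb.bak"    # constructed backup
    printf '/usr/bin/locate flags=(complain) {\n}\n' > "$d/usr.bin.locate"
    find_duplicate_profiles "$d"
    rm -rf "$d"
fi
```

Called as `find_duplicate_profiles /etc/apparmor.d`, each line of output names files whose contents should be compared before reloading the profiles again.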