Hello, Am Montag, 26. November 2018, 11:24:33 CET schrieb Carlos E. R.:
On 26/11/2018 10.49, Ralph wrote:
On Sun, 25 Nov 2018 20:01:33 -0500
Patrick Shanahan <paka@opensuse.org> wrote:
* Ralph <suselist@cableone.net> [11-25-18 19:50]:
[os Leap 15, xfce]
I have a private mlocate database in my /home.
Nobody told me about that when I created and submitted an AppArmor profile for locate and updatedb ;-) This also means that I'm not surprised that you get a "permission denied" error.
Did that. My google-fu is really weak but it seems the Nov 17 update to mlocate was to fix a problem with mlocate/updatedb permissions related to apparmor,
I'd have to check the details, but I'm quite sure that this update added the AppArmor profile.
https://bugzilla.opensuse.org/show_bug.cgi?id=1089594
I'm having trouble following the logic of that bug chat as my knowledge of apparmor is slim to none, especially at 3:30 am here. What's it say there? 8-/
That bug was about adding the AppArmor profiles (as security improvement) and, starting at comment 4, that the updatedb profile needs some capabilities added that weren't part of the initial profile.
Move the file "/etc/apparmor.d/usr.bin.locate" temporarily somewhere else, restart apparmour, and try again with locate. If it works, open a bugzilla.
That won't work - reloading apparmor no longer unloads unknown profiles. You'll need to run aa-remove-unknown - but before you do that, check the release notes for details and the reason for this change. If you really want to disable a profile, use aa-disable, but I don't recommend that. Instead, switch the profile to complain (learning) mode with aa-complain, and after updating the profile, switch it back to enforce mode with aa-logprof.
Alternative.
Run "aa-logprof", hopefully it says something about something in locate being denied and gives you the chance to allow it.
Exactly, aa-logprof will help to update the profile easily. That said, you can also update the profiles manually: In /etc/apparmor.d/usr.bin.locate, add /home/rsil/Downloads/rsildb r, In /etc/apparmor.d/usr.bin.updatedb, add /home/rsil/Downloads/rsildb rwk, /home/rsil/Downloads/rsildb.?????? rw, Then run rcapparmor reload and everything should work as expected. Notice to myself: the updatedb and locate profiles should have a local/ include so that you don't need to modify the packaged profiles. Regards, Christian Boltz -- Was schlagen sie vor, Prof. Dr. cvs. Boltz? :-) [Ratti in fontlinge-devel] -- To unsubscribe, e-mail: opensuse-support+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-support+owner@opensuse.org