On Sun, Mar 25, 2007 at 06:00:31PM +0100, Peter Bradley wrote:
Honestly, whoever wrote this AppArmor thing must have been on drugs.
Thanks :) The AppArmor in 10.0 is unfortunate. It was hastily assembled shortly after Novell acquired Immunix, and hadn't yet figured out a business model. So the 10.0 version can only profile a handful of applications. AppArmor in newer distributions is significantly less stupid.
After fighting with it over what Apache could do, I now find it won't let Acroread open PDF files! What's that all about? I tried adding read permissions for *.pdf into the profile, but it still won't have it.
Can anyone explain how you get this thing to work? Is it best just to switch it off?
My best guess (without seeing your chages) is that you wrote something like: /*.pdf r, into the profile. '*' will not traverse directories, so this would only read pdf files stored in the filesystem root. /**.pdf r, would let your acroread read any PDFs anywhere. Once you get tired of hand-editing profiles and re-loading profiles on each change, give our wizards a shot. In one terminal, as an unconfined root user, run: genprof acroread Then start up acroread, use it a bit, close it. Then hit the 'scan' button, answer a few questions (keeping in mind the difference between '*' and '**') and when you click 'finish', you'll be good to go. There's also a yast version of this, something like "Novell AppArmor".. Hope this helps