On 2023-02-02 23:32, Per Jessen wrote:
Carlos E. R. wrote:
Wait, I have the audit log:
Telcontar:~ # grep "usr/bin/locate\|/var/lib/mlocate/mlocate.db" /var/log/audit/* /var/log/audit/audit.log.1:type=AVC msg=audit(1675247354.543:1682): apparmor="DENIED" operation="capable" profile="/usr/bin/locate" pid=26774 comm="locate" capability=6 capname="setgid"
Okay - setgid, that is not in the profile. Nor is it in tw.
But it is in mine, and in my backup. It is possible that the upgrade to 15.4 reset it, so now aa complains again and I had to put it back.
I'm sure you've reported it, so it'll turn up in public eventually :-)
I don't remember if I have reported it in bugzilla. In the past, prior to aa-logprof displaying the diff, it was not that easy. Ok, now I have that, but I don't remember where to report. Sometimes, posting here was enough. -- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)