https://bugzilla.novell.com/show_bug.cgi?id=473529
User jjohansen@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=473529#c1
--- Comment #1 from John Johansen 2009-02-07 03:34:10 MST ---
This is not a defect of AppArmor. AppArmor does know of and can mediate
setting rlimits, the problem is that the profile confining the Application did
not have sufficient privilege to dump a core file, and AppArmor did its job and
prevented it from doing so. AppArmor by design will not allow any operation
without sufficient privilege and in the case of core files it actually takes
more privilege than just raising the ulimit.
In the case of nscd, you will also need
capability setgid,
capability setuid,
AppArmor will have generated reject messages in /var/log/audit/audit.log, which
can be used to update the profile (logprof or update profile wizard). If you
are using AppArmor in a desktop setting I would recommend you install the
apparmor audit dispatcher, and apparmor gnome applet so that you can be
notified when AppArmor is generating rejects.
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.