http://bugzilla.opensuse.org/show_bug.cgi?id=1128467
http://bugzilla.opensuse.org/show_bug.cgi?id=1128467#c23
--- Comment #23 from Christian Boltz ---
Looks mostly good, except
+ profile /usr/bin/hpijs flags=(complain) {
+ #include
+
+ /usr/bin/hpijs ix,
+ }
That adds an unused child profile. Please change it to
+ /usr/bin/hpijs Cx, # added
+ profile /usr/bin/hpijs flags=(complain) {
+ #include
+
+ /usr/bin/hpijs mr, # changed to "mr"
+ }
Normally I'd also complain about having this child profile in complain mode ;-)
but since this profile is still under development and hpijs probably needs more
permissions than what the child profile has, not breaking users is more
important than not shipping complain mode profiles. (Unfortunately that also
means you won't get too many audit logs for hpijs because it "works".)
@hpijs users - even if printing "works" again, please check your
/var/log/audit/audit.log for AppArmor ALLOWED and DENIED events and report them
in bugzilla!
As a sidenote - a side effect of renaming the profile is that the previous
profile will be used until you a) manually unload the old profile or b) reboot.
That's a one-time issue (probably not worth spending time on it), but you
should be aware of this detail.
--
You are receiving this mail because:
You are on the CC list for the bug.