Hello, Am Mittwoch, 3. Januar 2018, 12:45:44 CET schrieb Dominique Leuenberger:
==== apparmor ==== Version update (2.11.1 -> 2.12)
I should probably highlight this change:
- add aa-teardown (new script to unload all profiles) - make ExecStop in apparmor.service a no-op (workaround for a systemd restriction, see boo#996520 and boo#853019 for details)
The short version is: "rcapparmor stop" and "systemctl stop apparmor" won't do anything now because of the way how systemd implements "restart" [insert systemd rant here]. If you really want to unload your AppArmor profiles, run "aa-teardown". But - who would do that? ;-) [1] The longer version is on https://blog.cboltz.de/archives/77-AppArmor-2.12-The-Grinch-is-confined!.htm... ;-) Regards, Christian Boltz [1] aa-complain /etc/apparmor.d/$whatever is a much better choice because it logs what would be denied and allows you to update the profile and/or to open a bugreport with useful logs -- "Never surf faster, than your guardian penguin can fly!" -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org