Mailinglist Archive: opensuse-factory (400 mails)

< Previous Next >
AppArmor changes (was: [opensuse-factory] New Tumbleweed snapshot 20180101 released!)
Hello,

Am Mittwoch, 3. Januar 2018, 12:45:44 CET schrieb Dominique Leuenberger:
==== apparmor ====
Version update (2.11.1 -> 2.12)

I should probably highlight this change:

- add aa-teardown (new script to unload all profiles)
- make ExecStop in apparmor.service a no-op (workaround for a systemd
restriction, see boo#996520 and boo#853019 for details)

The short version is:

"rcapparmor stop" and "systemctl stop apparmor" won't do anything now
because of the way how systemd implements "restart" [insert systemd
rant here].

If you really want to unload your AppArmor profiles, run "aa-teardown".
But - who would do that? ;-) [1]

The longer version is on
https://blog.cboltz.de/archives/77-AppArmor-2.12-The-Grinch-is-confined!.html
;-)


Regards,

Christian Boltz

[1] aa-complain /etc/apparmor.d/$whatever is a much better choice
because it logs what would be denied and allows you to update the
profile and/or to open a bugreport with useful logs
--
"Never surf faster, than your guardian penguin can fly!"



--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups