Mailinglist Archive: opensuse-support (159 mails)

Re: [opensuse-support] Re: [opensuse-factory] mlocate
On 09/06/18 21:39, Christian Boltz wrote:
Hello,

On Saturday, 9 June 2018, 15:43:08 CEST, Patrick Shanahan wrote:
* ellanios82 <ellanios82@xxxxxxxxx> [06-09-18 09:13]:
# updatedb
updatedb: can not open a temporary file for
`/var/lib/mlocate/mlocate.db'
- what to try next please?
what about apparmor,
cat /etc/apparmor.d/usr.bin.updatedb
This profile is quite new, so it might indeed be incomplete.

Please switch it to complain (learning) mode and try again:
aa-complain /etc/apparmor.d/usr.bin.updatedb
This will allow everything, and log what would be denied.

Yes : thank you very much : updatedb works now   :))
...

If updatedb works now, the AppArmor profile needs an update. In this
case, please
grep updatedb /var/log/audit/audit.log
and either paste the result here [1],

.....
# grep updatedb /var/log/audit/audit.log
type=AVC msg=audit(1528548146.284:171): apparmor="DENIED" operation="capable" profile="/usr/bin/updatedb" pid=6687 comm="updatedb" capability=1  capname="dac_override"
type=AVC msg=audit(1528548244.938:172): apparmor="DENIED" operation="capable" profile="/usr/bin/updatedb" pid=6743 comm="updatedb" capability=1  capname="dac_override"
type=AVC msg=audit(1528548317.456:173): apparmor="DENIED" operation="capable" profile="/usr/bin/updatedb" pid=6820 comm="updatedb" capability=1  capname="dac_override"
type=AVC msg=audit(1528570200.931:175): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/bin/updatedb" pid=18539 comm="apparmor_parser"
type=AVC msg=audit(1528570244.906:176): apparmor="ALLOWED" operation="capable" profile="/usr/bin/updatedb" pid=18558 comm="updatedb" capability=1  capname="dac_override"
type=AVC msg=audit(1528570244.946:177): apparmor="ALLOWED" operation="capable" profile="/usr/bin/updatedb" pid=18558 comm="updatedb" capability=2  capname="dac_read_search"
type=AVC msg=audit(1528570244.954:178): apparmor="ALLOWED" operation="capable" profile="/usr/bin/updatedb" pid=18558 comm="updatedb" capability=3  capname="fowner"
type=AVC msg=audit(1528570245.230:179): apparmor="ALLOWED" operation="capable" profile="/usr/bin/updatedb" pid=18558 comm="updatedb" capability=2  capname="dac_read_search"
type=AVC msg=audit(1528570245.230:180): apparmor="ALLOWED" operation="capable" profile="/usr/bin/updatedb" pid=18558 comm="updatedb" capability=3  capname="fowner"
type=AVC msg=audit(1528570245.378:181): apparmor="ALLOWED" operation="capable" profile="/usr/bin/updatedb" pid=18558 comm="updatedb" capability=2  capname="dac_read_search"
type=AVC msg=audit(1528570245.378:182): apparmor="ALLOWED" operation="capable" profile="/usr/bin/updatedb" pid=18558 comm="updatedb" capability=3  capname="fowner"
type=AVC msg=audit(1528570245.390:183): apparmor="ALLOWED" operation="capable" profile="/usr/bin/updatedb" pid=18558 comm="updatedb" capability=2  capname="dac_read_search"
type=AVC msg=audit(1528570245.390:184): apparmor="ALLOWED" operation="capable" profile="/usr/bin/updatedb" pid=18558 comm="updatedb" capability=3  capname="fowner"
...........

or open a bugreport and attach it.

You can also update the profile yourself using
aa-logprof
(but again, please open a bugreport to get it fixed for everybody)

Oh, and don't forget to switch the profile back to enforce mode
afterwards:
aa-enforce /etc/apparmor.d/usr.bin.updatedb


Regards,

Christian Boltz

[1] use paste.opensuse.org if it's too big

 Thank you very much

.....
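Added example (not part of the original mail and not AppArmor project code): a Python script that reads audit records like the ones pasted in this thread, keeps the capability events logged for the /usr/bin/updatedb profile, and lists candidate `capability` rules to review before they go into the profile. The function names and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample records, in the same format as the audit.log lines in this thread.
SAMPLE_LOG = '''\
type=AVC msg=audit(1500000000.100:10): apparmor="DENIED" operation="capable" profile="/usr/bin/updatedb" pid=1001 comm="updatedb" capability=1  capname="dac_override"
type=AVC msg=audit(1500000100.200:11): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/bin/updatedb" pid=1002 comm="apparmor_parser"
type=AVC msg=audit(1500000200.300:12): apparmor="ALLOWED" operation="capable" profile="/usr/bin/updatedb" pid=1003 comm="updatedb" capability=1  capname="dac_override"
type=AVC msg=audit(1500000200.400:13): apparmor="ALLOWED" operation="capable" profile="/usr/bin/updatedb" pid=1003 comm="updatedb" capability=2  capname="dac_read_search"
type=AVC msg=audit(1500000200.500:14): apparmor="ALLOWED" operation="capable" profile="/usr/bin/updatedb" pid=1003 comm="updatedb" capability=3  capname="fowner"
type=AVC msg=audit(1500000200.600:15): apparmor="ALLOWED" operation="capable" profile="/usr/bin/updatedb" pid=1003 comm="updatedb" capability=3  capname="fowner"
'''

# key="quoted value" or key=bare_value
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_record(line):
    """Return the key=value fields of an AppArmor AVC line as a dict, else None."""
    if not line.startswith("type=AVC") or "apparmor=" not in line:
        return None
    return {key: (quoted if quoted else bare)
            for key, quoted, bare in FIELD_RE.findall(line)}


def capability_events(log_text, profile):
    """Map each capability name to the verdicts (DENIED/ALLOWED) logged for profile."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_record(line.strip())
        # Profile reload (STATUS) records carry profile="unconfined" and are skipped here.
        if not rec or rec.get("profile") != profile:
            continue
        if rec.get("operation") == "capable" and rec.get("apparmor") in ("DENIED", "ALLOWED"):
            seen[rec["capname"]].add(rec["apparmor"])
    return dict(seen)


def candidate_rules(events):
    """Turn the observed capability names into profile rule lines, sorted and deduplicated."""
    return [f"capability {name}," for name in sorted(events)]


if __name__ == "__main__":
    events = capability_events(SAMPLE_LOG, "/usr/bin/updatedb")
    for name in sorted(events):
        print(f"{name}: {', '.join(sorted(events[name]))}")
    print("\n".join(candidate_rules(events)))
```

A capability that shows up only as ALLOWED was first hit while the profile was in complain mode, so the DENIED entry alone does not give the full list of rules the profile is missing.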

