On 2018-06-09 20:58, ellanios82 wrote:
On 09/06/18 21:39, Christian Boltz wrote:
Hello,
Am Samstag, 9. Juni 2018, 15:43:08 CEST schrieb Patrick Shanahan:
* ellanios82
[06-09-18 09:13]: # updatedb updatedb: can not open a temporary file for `/var/lib/mlocate/mlocate.db' - what to try next please? what about apparmor, cat /etc/apparmor.d/usr.bin.updatedb This profile is quite new, so it might indeed be incomplete.
Please switch it to complain (learning) mode and try again: aa-complain /etc/apparmor.d/usr.bin.updatedb This will allow everything, and log what would be denied.
Yes : thank you very much : updatedb works now :)) ...
Remember that this is not a solution. This is a method to find out what apparmour rule is blocking updatedb.
If updatedb works now, the AppArmor profile needs an update. In this case, please grep updatedb /var/log/audit/audit.log and either paste the result here [1],
..... # grep updatedb /var/log/audit/audit.log type=AVC msg=audit(1528548146.284:171): apparmor="DENIED" operation="capable" profile="/usr/bin/updatedb" pid=6687 comm="updatedb" capability=1 capname="dac_override"
And this is it. You have to do this below:
or open a bugreport and attach it.
You can also update the profile yourself using aa-logprof (but again, please open a bugreport to get it fixed for everybody)
Oh, and don't forget to switch the profile back to enforce mode afterwards: aa-enforce /etc/apparmor.d/usr.bin.updatedb
-- Cheers / Saludos, Carlos E. R. (from 42.3 x86_64 "Malachite" at Telcontar)