Mailinglist Archive: opensuse-support (159 mails)

< Previous Next >
Re: [opensuse-support] Re: [opensuse-factory] mlocate
On 2018-06-09 20:58, ellanios82 wrote:
On 09/06/18 21:39, Christian Boltz wrote:

Am Samstag, 9. Juni 2018, 15:43:08 CEST schrieb Patrick Shanahan:
* ellanios82 <ellanios82@xxxxxxxxx> [06-09-18 09:13]:
# updatedb
updatedb: can not open a temporary file for
  - what to try next please?
what about apparmor,
   cat /etc/apparmor.d/usr.bin.updatedb
This profile is quite new, so it might indeed be incomplete.

Please switch it to complain (learning) mode and try again:
     aa-complain /etc/apparmor.d/usr.bin.updatedb
This will allow everything, and log what would be denied.

Yes : thank you very much : updatedb works now   :))

Remember that this is not a solution. This is a method to find out what
apparmour rule is blocking updatedb.

If updatedb works now, the AppArmor profile needs an update. In this
case, please
     grep updatedb /var/log/audit/audit.log
and either paste the result here [1],

# grep updatedb /var/log/audit/audit.log
type=AVC msg=audit(1528548146.284:171): apparmor="DENIED"
operation="capable" profile="/usr/bin/updatedb" pid=6687 comm="updatedb"
capability=1  capname="dac_override"

And this is it.

You have to do this below:

  or open a bugreport and attach it.

You can also update the profile yourself using
(but again, please open a bugreport to get it fixed for everybody)

Oh, and don't forget to switch the profile back to enforce mode
     aa-enforce /etc/apparmor.d/usr.bin.updatedb

Cheers / Saludos,

Carlos E. R.
(from 42.3 x86_64 "Malachite" at Telcontar)

< Previous Next >