Mailinglist Archive: opensuse-support (97 mails)

< Previous Next >
Re: [opensuse-support] updatedb now fails for regular user with local db
Hello,

Am Dienstag, 27. November 2018, 16:00:33 CET schrieb Ralph:
On Mon, 26 Nov 2018 12:56:39 +0100
Christian Boltz <opensuse@xxxxxxxxx> wrote:
Exactly, aa-logprof will help to update the profile easily.

I didn't understand the options in aa-logprof so I followed your
manual
instructions:

What exactly in aa-logprof was hard to understand? I'm always open for
improvements ;-)

That said, you can also update the profiles manually:
[...]
Then run rcapparmor reload and everything should work as
expected.
This didn't work. The messages are now gone from aa-logprof, but
running:

"updatedb -l 0 -o /home/rsil/Downloads/rsildb -U /home/rsil"

...still gives me the message:

"updatedb: can not open a temporary file for
`/home/rsil/Downloads/rsildb'"

I checked my entries for any typos but all is good there...?

Maybe you need additional permissions I didn't guess from just reading
and adjusting the profiles.

Start tail -f /var/log/audit/audit.log as root and try updatedb
again. You'll probably get some log entries - just paste them (in your
next mail or paste.opensuse.org, depending on the size) so that I can
see what's going on.

You can/should also run aa-complain /etc/apparmor.d/usr.bin.updatedb
to switch the profile to learning mode so that we see everything that
would be denied instead of only the first issue.
Don't forget to switch the profile back to enforce mode with aa-enforce
when it's updated ;-)


Just to be sure, even if if sounds unlikely - did you check the owner
and directory permissions of /home/rsil/Downloads/ and the owner and
permissions of the existing "rsildb*" file(s)? If the filesystem
permissions deny access, AppArmor won't change anything ;-)


Regards,

Christian Boltz
--
<cboltz> jjohansen: you are making it too easy for kshitij8 ;-)
<jjohansen> cboltz: oops sorry, now I'll have to come up with a new task
to make him suffer :)
<sarnold> review the c++11 conversion? :)
* sarnold runs
<jjohansen> haha, sarnold I said suffer, not drive him to commit suicide
[from #apparmor]



--
To unsubscribe, e-mail: opensuse-support+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-support+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups