Mailinglist Archive: opensuse-support (97 mails)

< Previous Next >
Re: [opensuse-support] updatedb now fails for regular user with local db
Hello,

Am Mittwoch, 28. November 2018, 03:25:44 CET schrieb Ralph:
There's nothing there now, after I manually edited the files as told.
I'm still DENIED during fresh db access tries, as per the log I
posted, but aa-logprof now just says:

dellT3620:~ # aa-logprof
Reading log entries from /var/log/audit/audit.log.
Updating AppArmor profiles in /etc/apparmor.d.
Enforce-mode changes:
dellT3620:~ #

That means the profiles now allow everything you have in the audit.log,
but for some reason the kernel doesn't know the updated profiles. [1]

Did you run "rcapparmor reload" after editing the profiles?

If "rcapparmor reload" doesn't help, please paste the output of the
following commands:

grep -r /usr/bin/updatedb /etc/apparmor.d/
grep -r /usr/bin/locate /etc/apparmor.d/
grep -r /home/rsil/Downloads/rsildb /etc/apparmor.d/

(My guess is that you might have a backup copy of the original profile,
which gets loaded after the updated profile and replaces it.)


Regards,

Christian Boltz

[1] There's also the option that aa-logprof doesn't understand some of
your audit.log entries, but this isn't the case here - file events
are fully supported.
--
Yeah, I always need to have a sick bag handy when thinking about
web apps ;-) [Ludwig Nussel in opensuse-packaging]



--
To unsubscribe, e-mail: opensuse-support+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-support+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups
References