Hello, Am Mittwoch, 28. November 2018, 14:27:06 CET schrieb Ralph:
On Wed, 28 Nov 2018 12:44:11 +0100 Christian Boltz
wrote: (My guess is that you might have a backup copy of the original profile, which gets loaded after the updated profile and replaces it.) Well, very very good "guessing", you nailed it perfectly.
Well, let's say I didn't have to guess that for the first time ;-)
dellT3620:~> grep -r /usr/bin/updatedb /etc/apparmor.d/ /etc/apparmor.d/usr.bin.updatedb.orig:/usr/bin/updatedb { /etc/apparmor.d/usr.bin.updatedb.orig: /usr/bin/updatedb mr, /etc/apparmor.d/usr.bin.updatedb:/usr/bin/updatedb { /etc/apparmor.d/usr.bin.updatedb: /usr/bin/updatedb mr,
Moving the .orig backup file elsewhere, and doing the same for locate.orig file, then another "rcapparmor reload", and all is seemingly back to normal, update and locate both work fine on the local db.
I'm happy to hear that :-)
I guess I am going to have to change my method of naming backup copies of edited system files :-/
For AppArmor profiles, the best strategy is to move them out of /etc/apparmor.d/ (actually I'd recommend that for all /etc/whatever.d/ directories) Since Carlos asked - suffixes that get ignored by the AppArmor tools (aa-logprof etc.) are: aa.py: skippable_suffix = ( '.dpkg-new', '.dpkg-old', '.dpkg-dist', '.dpkg-bak', '.dpkg-remove', '.pacsave', '.pacnew', '.rpmnew', '.rpmsave', '.orig', '.rej', '~' ) libapparmor (and apparmor_parser, if you give a directory as parameter) also ignores these suffixes. However, you accidently found a bug ;-) - the script that loads the profiles doesn't ignore *.orig and *.rej files. I just submitted https://gitlab.com/apparmor/apparmor/merge_requests/282 so that the next maintenance release will fix this. (As a sidenote - if you'd have used a not-ignored extension for your backup file, aa-logprof would have complained about having two profiles for the same program.) Regards, Christian Boltz --
Anschließend schaltest du deinen PC aus und hängst dich auf. Oder umgekehrt Nach reiflicher Überlegung habe ich meinen PC an die Decke gehängt, kann aber jetzt meinen Ausschalter nicht finden. Was mache ich falsch? [Dieter Bruegmann und Eugen Schabenberger in dag°]
-- To unsubscribe, e-mail: opensuse-support+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-support+owner@opensuse.org