Mailinglist Archive: opensuse-support (97 mails)

< Previous Next >
Re: [opensuse-support] updatedb now fails for regular user with local db
Hello,

Am Mittwoch, 28. November 2018, 14:27:06 CET schrieb Ralph:
On Wed, 28 Nov 2018 12:44:11 +0100
Christian Boltz <opensuse@xxxxxxxxx> wrote:
(My guess is that you might have a backup copy of the original
profile, which gets loaded after the updated profile and replaces
it.)
Well, very very good "guessing", you nailed it perfectly.

Well, let's say I didn't have to guess that for the first time ;-)

dellT3620:~> grep -r /usr/bin/updatedb /etc/apparmor.d/
/etc/apparmor.d/usr.bin.updatedb.orig:/usr/bin/updatedb {
/etc/apparmor.d/usr.bin.updatedb.orig: /usr/bin/updatedb mr,
/etc/apparmor.d/usr.bin.updatedb:/usr/bin/updatedb {
/etc/apparmor.d/usr.bin.updatedb: /usr/bin/updatedb mr,

Moving the .orig backup file elsewhere, and doing the same for
locate.orig file, then another "rcapparmor reload", and all is
seemingly back to normal, update and locate both work fine on the
local db.

I'm happy to hear that :-)

I guess I am going to have to change my method of naming
backup copies of edited system files :-/

For AppArmor profiles, the best strategy is to move them out of
/etc/apparmor.d/ (actually I'd recommend that for all /etc/whatever.d/
directories)

Since Carlos asked - suffixes that get ignored by the AppArmor tools
(aa-logprof etc.) are:

aa.py: skippable_suffix = (
'.dpkg-new', '.dpkg-old', '.dpkg-dist', '.dpkg-bak', '.dpkg-remove',
'.pacsave', '.pacnew',
'.rpmnew', '.rpmsave',
'.orig', '.rej',
'~'
)

libapparmor (and apparmor_parser, if you give a directory as parameter)
also ignores these suffixes.

However, you accidently found a bug ;-) - the script that loads the
profiles doesn't ignore *.orig and *.rej files. I just submitted
https://gitlab.com/apparmor/apparmor/merge_requests/282
so that the next maintenance release will fix this.

(As a sidenote - if you'd have used a not-ignored extension for your
backup file, aa-logprof would have complained about having two profiles
for the same program.)


Regards,

Christian Boltz
--
Anschließend schaltest du deinen PC aus und hängst dich auf. Oder
umgekehrt
Nach reiflicher Überlegung habe ich meinen PC an die Decke gehängt, kann
aber jetzt meinen Ausschalter nicht finden. Was mache ich falsch?
[Dieter Bruegmann und Eugen Schabenberger in dag°]



--
To unsubscribe, e-mail: opensuse-support+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-support+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups