-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday, 2008-11-06 at 16:35 -0500, Anton Aylward wrote:
Carlos E. R. said the following on 11/06/2008 04:15 PM:
I'm suspecting apparmour.
[...]
yes! Dammit! Argh!
Could be.
It is, it is, I know, I tested. I just had no time to explain before, I was on a hurry. Sorry. I'll explain now.
Could also be what I ended up doing last wee; one shell open _before_ downloading and applying updates, one shell _after_.
That's what I thought first, but I have a little script to check what files from the previous state are stillbeing used after the update: lsof | grep -E 'RPMDELETE|;|path inode=' that line detects them, and I have pending: resapplet 4560 cer mem REG 22,70 327496 /usr/share/icons/hicolor/icon-theme.cache (path inode=327463) tomboy 4801 cer mem REG 22,70 327496 /usr/share/icons/hicolor/icon-theme.cache (path inode=327463) corresponding to: COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME - ---------------------------------------------------------------------------------------
But apparmour interferes in odd ways...
I suddenly repmebered I had been playing wiht it, so it was my fault; compounded whith the wizzard and its almost useless help file. You see a bunch of buttons and no idea what each button does, and help doesn't explain it and the consequences; I had to guess, and I guessed badly, obviously. I'll try to explain what I was trying to do. I have syslog-ng trigger a script on a certain action; why I want that is a long story, it is a kind of hack. In syslog-ng.conf I have: filter f_router_got_ip { host("router") and match("Received valid IP address from server"); }; #Cer ... destination routerip { program("/usr/local/bin/syslog-askandlogrouterip"); }; log { source(ext); filter(f_router_got_ip); destination(routerip); }; The 'syslog-askandlogrouterip' script is a filter or pipe: #!/bin/bash # try that sshagent does not interfere! export SSH_AGENT_PID='' export SSH_AUTH_SOCK='' while true ; do read set `/home/cer/bin/router_ip | /usr/bin/grep 0.8.32 | /usr/bin/cut --fields=14-15` /bin/logger -t router -p syslog.warn "Got new IP=" $* done The entire effect of this rigmarole is to call a expect script ("/home/cer/bin/router_ip") which runs an ssh session to my router to run the command that outputs my current internet IP, and then I log this IP to syslog. I know, it is weird, but it is the only way my router has, and it works fine... as long as aparmour is not running. syslog-ng is protected by apparmour. As the entry point to my hack is a script, apparmour wants to protect bash... and in my attempts to do this in the wizzard it turns out it jailed all bash instances instead of only the one used by my script. The easiest way is to remove the syslog-ng profile from apparmour - leanving it uprotected, which is no big deal in my case, anyway. I might end by creating my own binary filter, which would solve part of the problem. At least, no bash involved, but 'expect' would still be there. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkkTb/AACgkQtTMYHG2NR9XMpACcCC/ruGZNQNQ4/zgQy9xY9O28 uxIAn2Zp8ucx0klikXAEfX2d8GdHB5ro =bV/q -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org