2017.04.01 02:55, John Johansen rašė:
The denied info is stored as a separate flag, and I would say it is a bug that debug is not outputing it.
Should I report it in the Launchpad? Or it's good enough to get you noted here?
Overall, I would say auditing profiles is far to hard at the moment and we need some lint, and auditing tools to help with the process
Yeah, maybe some GUI/TUI tool would be useful, that would display your actual file system tree marked with red/green/whatever colors or other symbolism, showing what confined application can actually (or conceptually if actual file/direcotry or a pattern, mentioned in profile, does not yet exist) access when inspected profile is in effect.
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
