Hello, Am Samstag, 4. Juni 2016, 15:04:04 CEST schrieb Guido Günther: > Well, there are no DENIED messages - that's the puzzling part and the > reason for this bug. The should be a all also contain "audit" and end > up in dmesg so my grep expression should have caught them
Does the profile contain any deny rules? If unsure, run apparmor_parser -pq /etc/apparmor.d/the.profile.to.check | grep deny (this will print out the profile with all includes merged in) deny rules are enforced even if you switch the profile to complain mode, and don't leave any log events behind. You might want to change them to"audit deny" temporarily to get log events (with AUDIT). BTW: If you switch the profile to complain mode, the messages will contain ALLOWED instead of DENIED. Regards, Christian Boltz PS: random sig ;-) -- [AppArmor] Unlike SELinux, it does not require a PhD in computer security to get it working... [Peter Czanik in opensuse-factory]
signature.asc
Description: This is a digitally signed message part.