Hello, Am Samstag, 4. Juni 2016, 15:04:04 CEST schrieb Guido Günther: > Well, there are no DENIED messages - that's the puzzling part and the > reason for this bug. The should be a all also contain "audit" and end > up in dmesg so my grep expression should have caught them
Does the profile contain any deny rules?
If unsure, run
apparmor_parser -pq /etc/apparmor.d/the.profile.to.check | grep deny
(this will print out the profile with all includes merged in)
deny rules are enforced even if you switch the profile to complain mode,
and don't leave any log events behind. You might want to change them
to"audit deny" temporarily to get log events (with AUDIT).
BTW: If you switch the profile to complain mode, the messages will
contain ALLOWED instead of DENIED.
Regards,
Christian Boltz
PS: random sig ;-)
--
[AppArmor] Unlike SELinux, it does not require a PhD in computer
security to get it working... [Peter Czanik in opensuse-factory]
signature.asc
Description: This is a digitally signed message part.
