Package: apparmor-notify
Version: 2.7.0-1
Severity: important
Tags: patch

Hi,

running aa-notify fails out-of-the-box:

    $ aa-notify
    ERROR: 'intrigeri' must be in 'admin' group. Aborting.
    Ask your admin to add you to this group or to change the group in
    /etc/apparmor/notify.conf if you want to use aa-notify.
    zsh: exit 1     aa-notify

Creating the "admin" group and adding my user to it does not give me a
working aa-notify either, so I find this error message misleading.

This is because /etc/apparmor/notify.conf hardcodes use_group="admin".

As far as a quick look at the aa-notify code seems to indicate, the
use_group setting is only used as a way to allow aa-notify to guess if
the running user is granted read access to the logfile this program
needs to read. If my (quick) analysis is correct, I'm not convinced
this setting is worth the additional complexity (and bugs) it brings
in, but well.

As a conclusion, it seems to me use_group should either be set to the
group of users that is granted read access to /var/log/kern.log by
default; this group is called "adm" in Debian, so I believe notify.conf
should set use_group="adm" by default on Debian... or -even better
IMHO- it may not set use_group at all, given aa-notify only uses this
setting if it is set.

Cheers,
-- 
  intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
  | Did you exchange a walk on part in the war
  | for a lead role in the cage?
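A way to check the mismatch described in the report above, as an added example that is not part of the original message and not aa-notify's own code: it reads use_group from a notify.conf-style file and compares it with the group that owns the logfile. The function names are hypothetical, and the shell-style use_group="..." line format is assumed from the setting quoted in the report.

```shell
# Added example, not aa-notify's code. Function names are hypothetical.
# Assumes notify.conf uses shell-style lines such as use_group="admin".
# Compares group ownership only; it does not inspect the file's mode bits.

# Print the configured use_group (empty if unset or commented out).
conf_use_group() {
    [ -r "$1" ] || return 0
    sed -n 's/^[[:space:]]*use_group=//p' "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' | tr -d "\"'"
}

# Print the group that owns a file (4th column of ls -ld).
file_group() {
    ls -ld "$1" 2>/dev/null | awk '{ print $4 }'
}

# Succeed if user $1 is a member of group $2.
user_in_group() {
    for g in $(id -Gn "$1" 2>/dev/null); do
        [ "$g" = "$2" ] && return 0
    done
    return 1
}

# Usage: check_notify_group CONF LOGFILE [USER]
# Prints a one-line verdict; returns 0 only when the setting is consistent.
check_notify_group() {
    conf=$1 log=$2
    user=${3:-$(id -un 2>/dev/null || true)}
    want=$(conf_use_group "$conf")
    have=$(file_group "$log")
    if [ -z "$want" ]; then
        echo "unset: no group check configured"
        return 0
    elif [ -z "$have" ]; then
        echo "no-log: cannot stat $log"
        return 3
    elif [ "$want" != "$have" ]; then
        echo "mismatch: use_group=$want but $log belongs to group $have"
        return 1
    elif ! user_in_group "$user" "$want"; then
        echo "not-member: $user is not in $want"
        return 2
    fi
    echo "ok: $user is in $want, which owns $log"
}

# e.g. check_notify_group /etc/apparmor/notify.conf /var/log/kern.log
```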