Currently there isn't a good way to set the flags on a profile without editing the local copy. There is an overlay mechanism coming, but it has not landed yet. There is also another mechanism for dealing with disconnected object coming. But until these extensions land there is a way to do local profile versions without causing packaging conflicts, though it does mean that you will have to manually merge in updates to your local profile.
in /etc/apparmor.d/disable/ create a symlink to the package version of the profile. ln -s /etc/apparmor.d/usr.sbin.rsyslog /etc/apparmor.d/disable/usr.sbin.rsyslog this will keep the package version of the profile from loading. Copy the profile to a local file. cp /etc/apparmor.d/usr.sbin.rsyslog /etc/apparmor.d/my-rsyslog Edit the profile to add the attach_disconnected flag. reload your profiles. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1373070 Title: full fix for disconnected path (paths) Status in cups package in Ubuntu: Fix Released Status in linux package in Ubuntu: Triaged Status in rsyslog package in Ubuntu: Confirmed Bug description: With the apparmor 3 RC1 upload, there is an incomplete bug fix for disconnected paths. This bug is to track that work. This denial may be related: Sep 23 10:10:50 localhost kernel: [40262.517799] audit: type=1400 audit(1411485050.722:2862): apparmor="DENIED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/rsyslogd" name="dev/log" pid=7011 comm="logger" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 This is related to bug 1375410 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1373070/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
