/apparmor-bugreport-*.txt with more debug info. I'll need that file,
and the audit.log line containing the filename that triggers the broken
regex.
An alternative is to send me [2] your audit.log (or only the line that
triggers the problem, if you can find out which line it is) so that I c
r" case (but not for performance checks).
The initial timeouts were based on "works for me/on my laptop", and
we've since increased the timeout for several tests in test-logprof.py
so that it has enough time to finish on all architectures.
So if another test needs an increas
empty' > "$file"
done
Important: This will overwrite the content of several of your local/*
files. Having a backup can't hurt ;-)
Oh, and there's nothing wrong with your tunables/ files ;-)
Regards,
Christian Boltz
--
Ultimately, I'm the one who has to res
al" files that don't have include
Can you please check which files are affected? (Bonus points if you also
check and report from which package they come.)
Regards,
Christian Boltz
[1] At least there's already a bugreport for this:
https://gitlab.com/apparmor/apparmor/-/is
Hello,
Am Samstag, 28. September 2024, 11:48:03 schrieb Remus-Gabriel Chelu:
> Sorry, for the late reply...
No worries, I know what being busy means ;-)
Also, thanks for uploading your translations to launchpad!
> În 16.09.2024 20:58, Christian Boltz a scris:
> > Do you
parmor/apparmor/-/merge_requests/1340
Regards,
Christian Boltz
--
We need to make sure that the direction we're going and the decisions
we're taking are made by people who will suffer the consequences of
them. [Henne Vogelsang in opensuse-project]
signature.asc
Description: Thi
is somewhat
annoying. This also means we are open for changes.
Do you think Debian translators would be willing to contribute to the
AppArmor upstream translations for all languages? If so, using
weblate.debian.net would be a great option :-)
Regards,
Christian Boltz
--
Bugzilla is not me
not yet
supported in 3.x) for distributions that include AppArmor 3.x.
Regards,
Christian Boltz
[1] I didn't check which package ships the font-manager profile, but I'm
quite sure it isn't part of apparmor-profiles.
--
[package naming] Another funny example is libreoffice,
it ac
on in an older branch is worth the effort.
Therefore I'd recommend that the Debian package gets upgraded to 3.1.x.
Regards,
Christian Boltz
--
> Well I must admit I feel like an idiot,
A typical feeling for each software developer ;)
[> Dave Plater and Adrian Schröter in opensuse-
d ...
>
> but the actual --warn options are rule-not-enforced /
> no-rule-not-enforced (without s)
Nice catch!
This bug survived since 2014 (c2b8a72317), but I submitted the fix
upstream before it wants to celebrate its 10th birthday ;-)
https://gitlab.com/apparmor/apparmor/-/merge_requests
y contains these two rules
(for DNS resolution etc.), so this workaround is already accidentally in
place in some profiles ;-)
Regards,
Christian Boltz
[1] see https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1784499
comment 13
--
Having presentation after lunch break when sun
looks strange, even if
it's inside a sandbox. But I'm afraid that's what the sandbox needs.)
For the records. aa-logprof doesn't support mount rules yet (besides
keeping/not breaking existing rules) which is why it doesn't ask
anything for the DENIED event quoted above.
Regar
o even if you have a
profile with abi/3.0, unix rules won't be enforced.
There's an exception: Ubuntu kernels carry some patches to enable unix
and some other rules even with older AppArmor versions.
Regards,
Christian Boltz
--
in my experience it's safe to assume developers never test
[Stephan Kulow in opensuse-factory]
signature.asc
Description: This is a digitally signed message part.
my hope is
limited).
For testing, you could also try with a more broad
unix send,
or even
unix,
rule - but please don't add these broader rules to the production
profile.
Regards,
Christian Boltz
--
you need a certificate, nobody knows how to do that securely (including
the CAs ;-
just be
/etc/apparmor.d/abstractions/squid-deb-proxy
(assuming no other files get deployed to
/etc/apparmor.d/abstractions/squid-deb-proxy/ )
Bonus points if you add
include if exists
to the abstraction ;-)
For the records: include if exists needs AppArmor >= 3.0 userspace.
Re
Hello,
Am Mittwoch, 1. Februar 2023, 16:00:06 CET schrieb Antoine Beaupré:
> On 2023-01-31 23:57:04, Christian Boltz wrote:
> > I'm somewhat surprised about that because the upstream profile for
> > sshd has the following rule since Dec 3 2016 :
> > /{usr/,}bin/bas
re should
also avoid the long chain you see.
However, your log looks like your profile does not allow executing
/usr/bin/bash.
Now I wonder - does your sshd profile lack this line/rule?
(If in doubt, please attach the complete profile.)
Regards,
Christian Boltz
--
But you are probably also c
instead of
using a home.d/ file to extend a variable with +=
Regards,
Christian Boltz
--
> I like science when some "vodoo" is needed to make it work ;-)
Magic is just another word for indistinguishable advanced technology :D
[> Bruno Friedmann and Jan Engelhardt in opensuse-fa
n,
(and remove the deny rule).
Note, since this bug includes two different AppArmor denials:
capability sys_nice, for cups-browsed is unrelated to what I wrote
above. Please don't change your cups-browsed profile (= keep it in
complain mode) while testing the deny rule in the cupsd prof
t;
Original: @{HOMEDIRS}/*/ /root/# replace @{HOMEDIRS} with /home/
Result: /home/*/ /root/
apparmor_parser: "Looks good. That variable has two items, split it and
update the rule..." (which gives us two rules, one for each variable
item)
Result: /home/*/foo r, /root/foo r,
Does t
ly be included in
AppArmor 3.1 and newer. I don't expect to get it backported to the 3.0
or 2.x branches.
Regards,
Christian Boltz
--
> Using the internet since 28.8kbit. Yes, I'm 'old'.
My first modem was 300 bits/sec, you young whipper snapper! ;-)
[> Yamaban and
#x27;t include abstractions/base.
(Nevertheless, the apache hats should allow to be ptraced. I'll leave
that to the maintainer of the Apache profile in Debian - and would love
to see the fix upstreamed.)
Regards,
Christian Boltz
--
okay. when can we have the next power outage,
for testing purposes ?
[from #opensuse-admin]
signature.asc
Description: This is a digitally signed message part.
fortunately the patch is quite big, which makes backporting to the
2.13 branch nearly impossible.
I'm afraid you'll either need to upgrade to 3.x - or avoid using
"include if exists" as long as you use 2.13.x.
Regards,
Christian Boltz
--
> We could call it openSUSE 11
d a "relay" ;-)
Regards,
Christian Boltz
--
Hmmm I think I hear steve yelling something about a unit test,
but he is on vacation so I'll just ignore him for now ;)
[John Johansen in apparmor]
signature.asc
Description: This is a digitally signed message part.
y package; disadvantage: applying grep
magic to the real world is sometimes not as easy as it looks)
BTW: If you want to use grep, you can steal the grep regex from the
upstream profiles/Makefile (in the "local:" target).
Regards,
Christian Boltz
--
A bug a day keeps the doctor away - ke 2006
[bugzilla.novell.com quips]
signature.asc
Description: This is a digitally signed message part.
Hello,
Am Mittwoch, 14. Juli 2021, 01:04:16 CEST schrieb Ben Finney:
> Control: retitle -1 python3-coverage should have libjs-jquery* in
> Depends instead of Recommends
> On 13-Jul-2021, Christian Boltz wrote:
> > Package: python3-coverage
>
> (Assuming this is the p
sorter
They are already listed under "Recommends:", but since the coverage
module is not very useful if it can't generate html reports, please list
them under "Depends:" instead of "Recommends:".
Regards,
Christian Boltz
--
As long as there are Steam games wh
fect upstream code,
and I'd guess that they are not Debian-specific.
Would you be willing to submit these fixes upstream at
https://gitlab.com/apparmor/apparmor/-/merge_requests ?
I can't really comment on the debian/* changes - EWRONGDISTRO ;-)
Regards,
Christian Boltz
--
I gu
onsider to do this if an abstraction changes. (In theory it could have
side effects if there are modified, but intentionally-not-yet-reloaded
profiles. In practise, I'd prefer these side effects over having
profiles with outdated abstractions loaded.)
Regards,
Christian Boltz
PS: In c
xists
rules.
Regards,
Christian Boltz
[1] The only exception is abstractions/ubuntu-browsers because (for
historic reasons) an abstractions/ubuntu-browsers.d directory
already exists and is used in a different way.
--
seccheck runs here on a host that contains 3 daily backups
pear if you restart syslog-ng?
Bonus question: Do you have a non-default syslog-ng config that could
explain the exec chain I mentioned at the beginning?
Regards,
Christian Boltz
--
> Would it be ok to just switch all build sections to use lua?
> Probably much faster than the shells anywa
nnected path",
then you'll need to add the attach_disconnected flag to the profile,
something like:
profile mysql /usr/bin/mysqld flags=(attach_disconnected {
If my guess was wrong, please provide the audit.log messages you see -
they would help to clean the nebulous areas on m
amav/database/ (which I
obviously don't need for server usage) - but I'm sure Jamie had good
reasons to allow that ;-)
If you open a merge request upstream, I'll happily review it ;-)
Feel free to commit the Debian profile + the additional rules listed
above - that's probabl
just added this idea to the agenda for the next upstream meeting (next
Tuesday), let's see what the others think about it.
Regards,
Christian Boltz
--
I blame containers.
But then I blame containers for most things.
[Liam Proven in opensuse-factory]
signature.asc
Description: This is a digitally signed message part.
ackage might need to
co-own the directory, or needs a dependency on the apparmor package to
ensure the directory exists.
Regards,
Christian Boltz
[1] I'm used to rpm -qf $file - but that won't work on Debian ;-)
--
0830?? on day 2 at FOSDEM? Good lord it will be a small miracle
if
the gpg subprofile, and then to create a child profile called
gpg-agent:
profile gpg-agent {
# TODO
}
As a sidenote - soneone in the #apparmor IRC channel (on OFTC) spent
some work on creating a profile for thunderbird a few weeks ago.
Unfortunately the pastebin links have expired,
ts used in the failing builds?
If it's older than 4.0.1, then updating swig is probably the first thing
to do/test ;-)
Note that this is just a wild guess ;-)
Regards,
Christian Boltz
--
seccheck runs here on a host that contains 3 daily backups of 10+ SAP
hosts, and the "Local Month
ppArmor?
- If so, please contribute your additions upstream at
https://gitlab.com/apparmor/apparmor/
- If not - why? ;-)
Regards,
Christian Boltz
--
what is Office? Is that software I need if I work in an office
(e.g. patience game)? [Stephan Kulow in opensuse-factory]
signature.asc
Description: This is a digitally signed message part.
lib.dovecot.lmtp
(it's an include file where you can add rules specific for your system,
or let it empty if you don't need additional rules)
If you copied more dovecot profiles to /etc/apparmor.d/, you'll probably
need to create local/ include files for each of them. The error me
Hello,
Am Donnerstag, 14. März 2019, 16:11:46 CET schrieb Jonas Meurer:
> Done in
> https://salsa.debian.org/ddp-team/release-notes/merge_requests/8
Thanks!
> So this bugreport can be closed now, right?
Yes :-) - but I'll let intrigeri or you do the "paperwork" ;-)
R
rtrace/ptrace/ if you want to get rid of the "nearly" ;-)
Regards,
Christian Boltz
--
We should actually check if the installation via braille still works.
OTOH, it is a tradition that it's always broken by a late RC due to
color scheme changes... :-) [Stefan Seyfried in o
ernel 4.14)
- signal (also since kernel 4.14)
Regards,
Christian Boltz
[1] I'm not a Debian expert, and enjoy having the kernel patch to
enforce network rules in the openSUSE kernel since years ;-)
--
As you may guess from my comments I do not prefer to ask user to
something unless
tc/apparmor.d/autogenerated" || silentexit "directory for
autogenerated profile sniplets doesn't exist"
Regards,
Christian Boltz
--
> Das ist wieder so ein schöner Popcorn-Thread, zu dem ich
> meinen Senf dazu geben will:
Popcorn mit Senf :-)
[> Jens Nixdorf und Rainer Koenig in suse-linux]
signature.asc
Description: This is a digitally signed message part.
e script changing the file).
BTW: Minor nitpicking on
https://salsa.debian.org/samba-team/samba/compare/874f9270b6f743c4d0c3eb1a1a3e1fa814bf25cc...bd4c1577a9b
Can you please change the changelog to "Christian Boltz (openSUSE)"
(instead of "SUSE")? ;-)
Regards,
Christian Bol
s
|| \
silentexit "smbd profile not loaded"
Oh, BTW - thanks for accidently ;-) reporting this openSUSE bug!
I forwarded it to our Samba maintainers in
https://bugzilla.opensuse.org/show_bug.cgi?id=1126377
Please grab the patch from this bugreport to ensure that the Debian and
o
something like that:
/etc/cups/** Cx -> trap,
profile trap {
# intentionally left empty
}
Regards,
Christian Boltz
--
Seriously? If you accused me of verbally abusing the _feature_
(or rather its implementation), I would understand. But I'm not
aware of verbally abusing
Hello,
Am Montag, 31. Dezember 2018, 13:04:59 CET schrieb Jakub Wilk:
> * Christian Boltz , 2018-12-31, 12:22:
> >>The init script is broken. The start action fails with:
> >> /etc/init.d/apparmor: 60: shift: can't shift that many
> >
> >This looks
code that still actually
does something there is
[ -d /sys/module/apparmor ]
return $?
but that's another topic ;-)
Regards,
Christian Boltz
--
Foot:
A device for finding furniture in the dark
signature.asc
Description: This is a digitally signed message part.
o loading the profiles
on startup is slower.
> (i see that this bug is still in
> 'thunderbird', and the apparmor file is dpkg-owned by thunderbird, so
> maybe just consider this comment a bug report addition)
If the file belongs to Thunderbird, the bugreport also belongs there ;-)
s to apply/backport that
patch - it will help to avoid "capability net_admin" requests in several
daemons (bassically all that use libsystemd sd_notifyf() etc.)
Regards,
Christian Boltz
--
can you please add a safety check to make sure this doesn't
happen again?
(for examp
Hello,
Am Sonntag, 21. Oktober 2018, 16:49:29 CEST schrieb Christian Boltz:
> As usual if I do some tests, I found more issues:
> - the attachment won't be checked if a profile has a name (so using a
> variable currently doesn't matter ;-)
> - aa-complain first does a &
giving the executable
as parameter.
> I find this surprising given aa-complain(8) does
> not mention this is possible at all.
Indeed, nice catch ;-)
Can you please open a merge request to update the manpage?
(probably also affects aa-enforce, aa-audit and aa-disable)
While on it, please als
rd profile.
Regards,
Christian Boltz
PS: Can someone who knows the Debian bugtracker better please tag this
bug so that we get notifications on pkg-apparmor?
--
Most languages allow you to shoot your own foot,
C just gives you a tank instead of a handgun ;-)
[Cristian Rodríguez in opensuse-fac
s possible now, but would mean to carry a distro-specific
patch for notify.conf that (obviously) can never be upstreamed.
A more "boring" solution would be to change the upstream default message
to point to a page on wiki.apparmor.net
... says the openSUSE AppArmor maintainer ;-)
R
Hello,
Am Mittwoch, 13. Juni 2018, 17:00:35 CEST schrieb intrigeri:
> intrigeri:
> > Ben Caradoc-Davies:
> >> On 20/11/17 09:38, Christian Boltz wrote:
> >>> Thanks, but unfortunately I still can't reproduce the problem :-(
> >>> Can y
Hello,
Am Freitag, 19. Januar 2018, 13:16:57 CET schrieb Rene Engelhard:
> On Fri, Jan 19, 2018 at 12:52:32PM +0100, Christian Boltz wrote:
> > I'd recommend to use Cx (child profile) rules for gpg so that only
> > gpg (and not libreoffice) get access to ~/.gnupg/
>
>
'd recommend to use Cx (child profile) rules for gpg so that only gpg
(and not libreoffice) get access to ~/.gnupg/
Regards,
Christian Boltz
--
| $ rpm -q --whatrequires kernel
| no package requires kernel
Ach ja, dascha interessant! Kein RPM braucht das? Ja wie? Dann kann
ich das RP
itlab.com/apparmor/apparmor/merge_requests/55
Regards,
Christian Boltz
--
you are expected to know what you're doing (e.g. you're a test script).
[Steve Beattie in apparmor]
signature.asc
Description: This is a digitally signed message part.
has permissions to a) read the audit.log or b) run aa-notify with sudo.
Regards,
Christian Boltz
--
Hardcore ultrageek sysadmins who really really really know that they are
doing [...] will probably never use YaST or will never admit they do it,
at least. :-) [Ancor González So
Hello,
Am Samstag, 18. November 2017, 22:25:40 CET schrieb Ben Caradoc-Davies:
> On 19/11/17 07:47, Christian Boltz wrote:
> > Can you please send (to me or the bugreport) your
> > /etc/apparmor.d/usr.bin.thunderbird profile so that I have the
> > correct profile to test?
&
rce-complain
> aa-complain only works if profile is named precisely for executable
> https://bugs.launchpad.net/apparmor/+bug/1128468
That's an old bug that was fixed long ago. It's unrelated, even if it
looks somewhat similar ;-)
Regards,
Christian Boltz
--
Microsoft is a cr
Hello,
seeing the AppArmor denials would be helpful to get this fixed ;-)
Please either
grep -i apparmor /var/log/syslog
or, if you have auditd installed, check
/var/log/audit/audit.log
For more details, see https://wiki.debian.org/AppArmor/Debug
Regards,
Christian Boltz
efixed with "owner" to avoid increasing the attack
> surface too much)?
Have a look at the denial again - fsuid != ouid, so you can't use an
owner rule.
Also, the pid is not the same as in the /proc/*/cmdline name, so please
use @{pids}, not the (planned-to-be-restricted-to-own-pi
e this problem - their
kernel supports 'unix' rules since years, so the rule downgrade to
'network unix' was not needed.
Note that the patch discussed in this bugreport adds a few other rules -
those will still be needed.
Regards,
Christian Boltz
--
> All cats purr at 2
ouid=0
That translates to
/@{PROC}/@{pids}/cmdline r,
and should probably go into abstractions/libvirt-qemu
Regards,
Christian Boltz
[1] https://bugzilla.opensuse.org/show_bug.cgi?id=1058847 and
https://bugzilla.opensuse.org/show_bug.cgi?id=1060860
--
In asynchron-verteilten Umgebun
"killall -9" for every binary shipped in the
package in prerm, right? ;-) Unloading the profiles wouldn't be too
different to that IMHO.
> 2. unload on removal vs. on purge?
Sorry, EWRONGPACKAGEMANAGER ;-)
Regards,
Christian Boltz
--
Last I checked, developers were still human
[Bryen M Yunashko in opensuse-project]
signature.asc
Description: This is a digitally signed message part.
e too much, therefore I'd expect that
it's still correct and up to date. It also includes a complete reference
to the profile language (as of two years ago, so the "new" rule types
like dbus and ptrace are still missing).
Regards,
Christian Boltz
--
Hmm.. Good point Adr
Hello,
Am Montag, 21. November 2016, 15:13:55 CET schrieb Seth Arnold:
> On Sun, Nov 20, 2016 at 05:41:09PM +0100, Christian Boltz wrote:
> > [patch] Update abstractions/gnome with versioned gtk paths
> >
> > I propose this patch for trunk, 2.10 and 2.9.
>
> Acked-
arch}/gtk/**mr,
+ /usr/lib{,32,64}/gtk-[0-9]*/** mr,
+ /usr/lib/@{multiarch}/gtk-[0-9]*/** mr,
/usr/share/themes/ r,
/usr/share/themes/**r,
Regards,
Christian Boltz
--
> I also prefer realnames. But if people want to use a _spellable_
> alias, it'
usr/share/themes/** r,
This is already included in abstractions/gnome, so I wonder why you
needed to add it.
Regards,
Christian Boltz
--
I just fixed your bug, now you need to find something else to bitch
and flame about ;P
[Cristian Rodriguez on
http://seifesrants.blogspot.de/2013/05/the-sys
module
__import__(name)
ImportError: No module named _LibAppArmor
FAIL test_python.py (exit status: 1)
This is caused by changes in newer swig versions and was already fixed
upstream in trunk r3582 and 2.10 branch r3359.
Regards,
Christian Boltz
--
Sitzstreik
analoger Denial of Service-Ang
e interested in my (trivial) script doing this, have a
look at
https://build.opensuse.org/package/show/home:cboltz/apparmor-profile-collector
I'm sure it would be trivial to get "Debian" and "openSUSE" directories
in the apparmor-profiles git repo. Even without all the metadata e
han one an exec rule. This also means that posting your full audit
log (or at least everything dovecot-related after the exec event
described above) can avoid an additional round of updating the profile
and sending fresh logs ;-)
Regards,
Christian Boltz
[1] null-* are temporary profiles for execs tha
cause the problem you described. So please check
if Debian has the fixes in apparmor_parser (likely, because this was fixed
a while ago) and the kernel (less likely because that patch is quite
new). If in doubt, John should be able to point you to the relevant
patches.
Regards,
Christia
Hello,
Am Sonntag, 5. Juni 2016, 13:34:19 CEST schrieb Guido Günther:
> On Sat, Jun 04, 2016 at 06:38:46PM +0200, Christian Boltz wrote:
> > deny rules are enforced even if you switch the profile to complain
> > mode, and don't leave any log events behind. You might want t
log events behind. You might want to change them
to"audit deny" temporarily to get log events (with AUDIT).
BTW: If you switch the profile to complain mode, the messages will
contain ALLOWED instead of DENIED.
Regards,
Christian Boltz
PS: random sig ;-)
--
[AppArmor] Unlike SELinux
ure (not in 2.11) aa-status might need some of
the apparmor python modules, which will make it less lightweight.
Regards,
Christian Boltz
--
> Wer kennt eine gute Beschreibung, am besten in deutsch die die
> Installion und Einrichtung von mysql und php beschreibt?
> Bitte mehr als nur
Hello,
Am Samstag, 2. Januar 2016 schrieb Evgeni Golov:
> On Sat, Jan 02, 2016 at 03:50:00PM +0100, Christian Boltz wrote:
> > Patch sent for review upstream. The review might need a while thanks
> > to some[tm] [1] pending patches ;-)
>
> Cool, can you drop me the link t
Hello,
Am Samstag, 2. Januar 2016 schrieb Evgeni Golov:
> On Sat, Jan 02, 2016 at 02:52:47PM +0100, Christian Boltz wrote:
> > I just tested on openSUSE and got similar results, but also some
> > small differences:
> Thanks for verifying. Just out of interest, which OpenSSH ver
-05 06:31:00
+
+++ profiles/apparmor/profiles/extras/usr.sbin.sshd 2016-01-02 13:44:20
+
@@ -2,6 +2,8 @@
#
#Copyright (C) 2002-2005 Novell/SUSE
#Copyright (C) 2012 Canonical Ltd.
+# Copyright (C) 2016 Christian Boltz
+#Copyright (C) 2016 Evgeni Golov
#
#This p
ing "./myscript.py", not
"python myscript.py".)
Regards,
Christian Boltz
--
So we have unequivocal proof that I'm more dangerous to my own machine
than any of the updates we've rolled out to Tumbleweed in the last 14
months. [Richard Brown in opensuse-factory]
king something [1]. In theory, the profile could also use
/usr/lib{,64}/chromium{,-browser}/chromium{,-browser} - but that's where
things start to become ugly to read ;-)
Regards,
Christian Boltz
[1] Yes, that will allow the Debian chromium to access /usr/lib64/ - but
since that director
e
profile ;-)
Just in case you can't decide which path to use - openSUSE uses
/usr/lib64/chromium/chromium [1] and it would be nice if we can also use
the profile ;-)
Regards,
Christian Boltz
[1] that's the x86_64 path - for i586, it's /usr/lib/chromium
(that translates
ild (when applying the patch).
The easiest solution is to submit the patch upstream, so that Debian
doesn't have anything that touches the aa_getcon.pod timestamp ;-)
Regards,
Christian Boltz
--
jjohansen: we can just label it "the can't be more broken
than 2.8.3 rel
Hello,
Am Sonntag, 30. August 2015 schrieb intrigeri:
> Christian Boltz wrote (30 Aug 2015 14:38:39 GMT) :
> > Note that haveged.service has DefaultDependencies=No (at least on
> > openSUSE),
>
> That's the case neither on Debian, nor in any of the example service
&g
e only thing that overrides
everything are "deny" rules.
> Otherwise, sounds great! I don't remember if you've already sent this
> to the AppArmor upstream mailing-list for review. Did you?
Yes, please do that ;-)
Regards,
Christian Boltz
--
> Ansonsten: Ich sage n
xt weeks) and then update Jessie to
AppArmor 2.9.3. This means you'll get lots of bugfixes that were done
since AppArmor 2.9.0 "for free" ;-)
BTW: I'll also do a maintenance update to 2.9.3 for openSUSE ;-)
Regards,
Christian Boltz
--
> Was ist ein "umbrel
es with some problems for AppArmor:
https://bugzilla.opensuse.org/show_bug.cgi?id=853019
Basically systemd maps "systemctl restart apparmor" to "stop, then
start", which means the confinement gets removed from running processes.
Regards,
Christian Boltz
--
Whatever, but the
will be included in 2.9.2.
Regards,
Christian Boltz
--
This paragraph should be next to the paragraph about modelines, not here
[SLE 12 manual draft, in the section about apparmor.vim]
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubs
of upstream
https://bugs.launchpad.net/apparmor/+bug/1399027
If I'm right, please send some _unmodified_ log lines from
/var/log/syslog. We need some samples so that we can fix the support for
the syslog log format.
Regards,
Christian Boltz
--
jjohansen: curious-- is there a reason w
error, unexpected $end,
expecting TOK_OPEN
Regards,
Christian Boltz
--
[Subject: Re: hpdarm bei Systemstart]
Äh, sorry, es geht natürlich um hdparm, nicht um die Gedärme eines hp:-)
[Heinrich Eisterer in suse-linux]
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
w
The CSS file should only be symlinked if it does not exist yet.
If modlogan.css already exists (as symlink or plain file), it should not
be overwritten. There might be reasons to have a different CSS file for
some domains / outputdirs.
--
Christian Boltz
www.cboltz.de
--
To UNSUBSCRIBE
92 matches
Mail list logo
