Hello Harry, thanks for the profile additions. Note that the "//null-" portion of the profiles represents a missing execution permission line in the profile. When in enforce mode, the execution would be denied. When in complain mode, the execution is allowed, and the //null- is tacked on, with the path to the next executable.
So these rules represent what might have been running at the moment -- and may *not* represent what the state will be on your next reboot, or service restart. You'll probably need to amend the signal line to: signal (send) peer="/usr/sbin/sssd", You'll probably want to try a service restart or reboot at a time of your choosing, soon, to handle any other instances of this. Thanks again -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1884980 Title: patch so apparmor complain->enforcing To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1884980/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs