[apparmor] [opensuse-factory] 12.1 is around the corner, and I must make my concerns known.
Christian Boltz
opensuse at cboltz.de
Wed Aug 17 21:40:33 UTC 2011
Hello,
on Wednesday, 17 August 2011, Roger Luedecke wrote:
> On Tuesday, August 16, 2011 02:43:37 PM Christian Boltz wrote:
> > There is aa-notify (accidentally named /usr/sbin/aa-apparmor_notify
> > in 11.4).
[...]
> > Unfortunately a security feature of aa-notify strikes back - it
> > drops privileges after startup and then can't access
> > /var/log/audit/ anymore. I'm just sorting that out with Jamie (one
> > of the AppArmor developers). Unless there is a patch, the
> > workaround is chmod 755 /var/log/audit/ (or better use chgrp
> > trusted and chmod 750)
>
> Well now, then we just need to get this working then. That will be a
> massive boon. Quite frankly I can't imagine why this wouldn't have
> been a priority. The majority of Linux/openSUSE users I know are
> home desktop users. In fact, I only know one person who uses a
> non-enterprise supported Linux in a corporate space... which is
> openSUSE proudly enough.
For some reason, the answer from John Johansen didn't reach
opensuse-factory. Therefore I'm forwarding it manually:
---------- Forwarded message ----------
Date: Wednesday, 17 August 2011 06:42
From: John Johansen <john.johansen at canonical.com>
[... quoting removed ...]
Roger,
It looks like Christian and Jamie have solved this one today, and the
patches should be available soon.
-------------------------------------------------------
In the meantime, the patches were committed to the AppArmor bzr repo.
You can download the fixed aa-notify from
http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/view/head:/utils/aa-notify
Backporting the fix to 11.4 shouldn't be too hard. If there are some
people seriously interested in this, I can probably help with it.
Regards,
Christian Boltz
--
No, I'm not the signature, I'm just cleaning here...