[apparmor] Need Assistance With AppArmor Profiling Issue
John Johansen
john.johansen at canonical.com
Wed Mar 21 17:56:53 UTC 2012
On 03/21/2012 10:30 AM, Christian Boltz wrote:
> Hello,
>
> Am Mittwoch, 21. März 2012 schrieb Don Woeltje:
>> I'm profiling Firefox11. I can never get it to work, in enforce mode,
>> without problems. I keep running it, then running aa-logprof to make
>> corrections to the profile. Then I go into Edit A Profile (in YaST) to
>> look at the changes and I see some weird entries at the beginning of
>> the profile. They are as follows:
>>
>> [+] ^null-15
>
> This reminds me to https://bugzilla.novell.com/show_bug.cgi?id=546618 -
> which should be fixed since a long time.
>
> YaST implies you are probably using openSUSE or SLE - which of them and
> which version? Did you install all available updates?
>
> BTW: I prefer working with the aa-* tools directly (and editing the
> profiles in /etc/apparmor.d/ with vi if really needed) over using the
> YaST modules - but I'll not mention the word "better" because this leads
> to similar fights as in the vi vs. emacs war ;-) [1]
>
Christian,
suse changed their SLE kernel policy so that they are backporting whole
kernels instead of patches. Perhaps we are seeing a newer kernel with
an old userspace.
The change to the ^null learning profiles is one of those cases where
the kernel made changes that where incompatible with user space. Its not
exactly an abi break as its just in the log output, but is one of those
changes that requires an updated userspace.
More information about the AppArmor
mailing list