[apparmor] [patch] Let aa-complain delete the disable symlink
Christian Boltz
apparmor at cboltz.de
Mon May 25 16:12:39 UTC 2015
Hello,
aa-complain is part of the enforce/complain/disable triple. Therefore
I expect it to actually load a profile in complain mode.
To do this, it has to delete the 'disable' symlink, but set_complain()
in aa.py didn't do this (and therefore kept the profile disabled).
I propose this patch for trunk and 2.9.
[ 38-aa-complain-delete-disable-symlink.diff ]
=== modified file utils/apparmor/aa.py
--- utils/apparmor/aa.py 2015-05-25 12:17:39.156441255 +0200
+++ utils/apparmor/aa.py 2015-05-25 18:06:42.137124875 +0200
@@ -284,6 +284,7 @@
aaui.UI_Info(_('Setting %s to complain mode.') % (filename if program is None else program))
# a force-complain symlink is more packaging-friendly, but breaks caching
# create_symlink('force-complain', filename)
+ delete_symlink('disable', filename)
change_profile_flags(filename, program, 'complain', True)
def set_enforce(filename, program):
Regards,
Christian Boltz
--
> Also, Hosen runter:
Hose*n*! Du hast nur "die" Hose runtergelassen und die Unterhose
anbehalten. Nix da!
[> Stefan G. Weichinger und Peer Heinlein in postfixbuch-users]
More information about the AppArmor
mailing list