[apparmor] [patch] Add a note about still enforcing deny rules to aa-complain manpage
Christian Boltz
apparmor at cboltz.de
Sun Jun 5 16:23:24 UTC 2016
Hello,
$subject.
This behaviour makes sense (for example to force the confined program to
use a fallback path), but is probably surprising for users, so we should
document it.
References: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=826218#37
I propose this patch for trunk, 2.10 and 2.9
[ 02-aa-complain-deny-note.diff ]
=== modified file 'utils/aa-complain.pod'
--- utils/aa-complain.pod 2014-09-15 18:30:47 +0000
+++ utils/aa-complain.pod 2016-06-05 16:17:23 +0000
@@ -41,6 +41,8 @@
In this mode security policy is not enforced but rather access violations
are logged to the system log.
+Note that 'deny' rules will be enforced even in complain mode.
+
=head1 BUGS
If you find any bugs, please report them at
Regards,
Christian Boltz
--
When a device looks like a printer, acts like a printer,
and sounds like a printer, that device could be a computer.
[Johannes Meixner in opensuse-factory]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20160605/4b4f0b92/attachment.pgp>
More information about the AppArmor
mailing list