[apparmor] [patch] Add a note about still enforcing deny rules to aa-complain manpage
John Johansen
john.johansen at canonical.com
Sun Jun 5 21:35:36 UTC 2016
On 06/05/2016 09:23 AM, Christian Boltz wrote:
> Hello,
>
> $subject.
>
> This behaviour makes sense (for example to force the confined program to
> use a fallback path), but is probably surprising for users, so we should
> document it.
>
> References: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=826218#37
>
>
> I propose this patch for trunk, 2.10 and 2.9
>
>
Acked-by: John Johansen <john.johansen at canonical.com>
> [ 02-aa-complain-deny-note.diff ]
>
> === modified file 'utils/aa-complain.pod'
> --- utils/aa-complain.pod 2014-09-15 18:30:47 +0000
> +++ utils/aa-complain.pod 2016-06-05 16:17:23 +0000
> @@ -41,6 +41,8 @@
> In this mode security policy is not enforced but rather access violations
> are logged to the system log.
>
> +Note that 'deny' rules will be enforced even in complain mode.
> +
> =head1 BUGS
>
> If you find any bugs, please report them at
>
>
>
>
> Regards,
>
> Christian Boltz
>
>
>
More information about the AppArmor
mailing list