[apparmor] Question about attach_disconnected
apparmor at raf.org
apparmor at raf.org
Thu Jul 5 02:32:03 UTC 2018
Christian Boltz wrote:
> Hello,
>
> Am Mittwoch, 4. Juli 2018, 01:58:19 CEST schrieb apparmor at raf.org:
> > New question: Why is it that when I add
> > flags=(attach_disconnected) to a nested profile, and then run
> > aa-enforce to load it, the flag clause disappears from the
> > profile source code?
>
> As John already wrote, this is a bug in aa-enforce, aa-complain and
> possibly also in aa-audit.
>
> Regards,
> Christian Boltz
Thanks to both of you. If I put the flags clause only in the
nested profile that needs it and then load the profile with
apparmor_parser -r instead of aa-enforce/aa-complain, the
profile source file remains as I left it and it seems ok. I just
need to remember not to use aa-complain/aa-enforce for that
profile.
Suggestion: It would be good if aa-status --verbose showed
flags (other than complain/enforce which are already shown).
cheers,
raf
More information about the AppArmor
mailing list