[ubuntu-hardened] a question
js at johest.de
js at johest.de
Thu Dec 12 07:49:34 UTC 2013
On 12.12.2013 08:40, Seth Arnold wrote:
> On Thu, Dec 12, 2013 at 08:07:10AM +0100, js at johest.de wrote:
>> Yep, debfx pointed me to the page yesterday in the chat, and i took
>> some of his code cause it looked good :-)
>> Or looked at that stage better then mine.
>
> Yeah, debfx does good work :)
>
>> i just switched apparmor to complain mode and so took all the used
>> files from the syslog. Even with the abstract rules above it still
>> complained about the files i added below than.
>
> Normally, in complain mode, AppArmor will not log a request that is
> already allowed in the policy. If you can get this to happen reliably,
> we should fix that. :) I _suspect_ that you might have found those
> accesses with an earlier version of your policy that did not include
> <abstractions/base> -- but mostly because I have trouble explaining the
> events otherwise.
Okay, could be. I will review this. I added the rules, restartet
apparmor restartet the service. But okay, should be easy to verify.
>
> Thanks
More information about the ubuntu-hardened
mailing list