On 04/26/2012 02:09 PM, Jeroen Ooms wrote: > Thank you so much for researching and resolving this. It seems to be > working now indeed. > > Additional question: after switching profiles, I cannot switch back > anymore. Which privileges exactly are required to be able to call > aa_change_profile ? >
to use the change_profile api when confined you need to explicitly list the permissions in the profile change_profile -> <profile>, where profile accepts an apparmor pattern matching expression change_profile -> /usr/bin/R//testprofile, change_profile -> **, However there is a bug in change_profile in 11.04, and 11.10 that prevents change_profile form working from a confined process (it works fine from unconfined). It has been fixed in 12.04 and we need to look at SRUing it for previous releases. -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
