On 11/24/2012 01:50 AM, Aaron Lewis wrote:
> Hi,
>
> I run Arch Linux with apparmor enabled kernel (3.6.7), now I encountered some
> problem with firefox,
>
> It looked ugly, so I set the profile to complain mode, now I see this:
>
> kernel: type=1400 audit(1353749970.556:556): apparmor="ALLOWED"
> operation="open" parent=1 profile="/usr/lib/firefox/firefox{,*[^s][^h]}"
> name=2F4170706C69636174696F6E2F7468656D65732F4C696F6E2D7468656D652D72656C6F61646564202F67746B2D322E302F67746B7263
> pid=14778 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000
> ouid=1000
>
> How should I fix it? the "name" looked way too wired to me, should I just add
> a "XXX r," ? Or it's something specific to .. dbus or systemd?
>
The name has a special character in it so it has been encoded by the audit
system to avoid being parsed incorrectly. You can use the aa-decode tool to
unencode the name
aa-decode
2F4170706C69636174696F6E2F7468656D65732F4C696F6E2D7468656D652D72656C6F61646564202F67746B2D322E302F67746B7263
Decoded: /Application/themes/Lion-theme-reloaded /gtk-2.0/gtkrc
so it is the space character that caused this particular name to be encoded
If you include the space in policy make sure it is quoted
"/Application/themes/Lion-theme-reloaded /gtk-2.0/gtkrc" r,
--
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
