Hello Daniel, On Thu, Jan 21, 2016 at 12:57:31PM +0100, daniel curtis wrote: > 1/ DENIED entries for 'random/uuid' even with a rule in the profile.
The 'owner' modifier on this rule is preventing the read. The DENIED line on my system for this error shows: type=AVC msg=audit(1453406645.169:8252): apparmor="DENIED" operation="open" profile="/tmp/bash" name="/proc/sys/kernel/random/uuid" pid=8778 comm="cat" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Note that the 'fsuid' and 'ouid' are different -- the ouid shows the object is owned by uid 0, the fsuid shows that my process is running as user 1000. > 2/ access to the encrypted ~/Private directory (should it be allowed?) and > 'k' access mode etc. You do need to grant privileges to your ~/Private directory and all its children. It's unfortunate but that's the way it works. You may or may not need 'k' mode. I mentioned it only because it seemed likely to me that transmission would use it. :) If it doesn't request it you don't need to give it. Thanks
signature.asc
Description: Digital signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
