Hello,
Am Freitag, 25. November 2016, 13:48:31 CET schrieb daniel curtis:
> There is some problem with reloading Firefox profile and restarting
> AppArmor (e.g. via /etc/init.d/). It seems, that responsible is one
> rule:
>
> @{PROC}/@{pids}/net/arp r,
>
> This is a rule proposed by you. Here's what happens:
>
> [~]$ sudo apparmor_parser -r /etc/apparmor.d/usr.bin.firefox
> Found reference to variable pids, but is never declared
In your other mail, you wrote that you have AppArmor 2.7 - that version
is much older than what I typically think of when answering mails ;-)
The error message indicates that @{pid} did not exist in 2.7 yet, so...
> That's happened, even with Firefox disabled etc. But, adding this
> rule:
>
> @{PROC}/[0-9]*/net/arp r,
>
> Everything seems to work OK.:
...
> I don't know why, I don't know the reasons. So, for now I've decided
> to leave the second rule and use the first one.
... that's the easiest thing you can do in 2.7.
If you prefer a slightly harder way, consider upgrading to 2.9.x or
(better) 2.10.x - or at least grab the @{pid} variable definition from
tunables/ in a later AppArmor version ;-)
Regards,
Christian Boltz
--
Sorry for the rant, I tried for a long time to find nice words but these
were the nicest I could find :-) [Stefan Seyfried in opensuse-factory]
signature.asc
Description: This is a digitally signed message part.
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
