I've been using AppArmor for some time, and I wrote many profiles for my apps. It wasn't really a hard task, but with the kernel update in Debian (4.12 -> 4.13), many of mine profiles (already "enforced") started to give messages similar to the one below:
AVC apparmor="DENIED" operation="file_inherit" profile="/some/profile" name="/some/file" pid=18809 comm="app_name" requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=1000 What's the "file_inherit" operation? The apps in question seem to work just fine when access to these files is denied. What should be done with these kind of files? Is there any rule I can use in this case just to get rid of the messages from the syslog? -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
