On 07/03/2018 04:58 PM, appar...@raf.org wrote:
> Hi again,
>
> New question: Why is it that when I add
> flags=(attach_disconnected) to a nested profile, and then run
> aa-enforce to load it, the flag clause disappears from the
> profile source code? It seems to be silently failing. I only
> noticed after I kept seeing apparmor messages for something I
> thought I had fixed.
>
> If I put the flag clause in the top-level profile and run
> aa-enforce it doesn't disappear. In fact, it gets added to all
> of the nested profiles. Is this what I'm supposed to do? The
> manpage is very light on details like this.
>

This would be a bug.

> It seems that the flags clause must only be defined for the
> top-level profile and that it applies to all nested profiles as
> well. Is that correct? Will it cause any problems to have it
> apply to profiles that don't seem to need it?
>

No, this is not correct. Each level of profile gets its own flags.
Nested profiles do not share the parent profile's flags.

-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
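
Since each profile level carries its own flags, a profile file can be checked after running aa-enforce to see which levels still declare a flag. The following is an added example, not code from this thread or from the AppArmor project; the sample profile, the `exampled` names and the line-based header heuristic are assumptions made for illustration.

```python
import re

# Heuristic match for a profile header line: optional "profile" keyword, a
# name (or ^hat), optional attachment path, optional flags=(...), then "{".
HEADER = re.compile(
    r'^\s*(?:profile\s+)?(?P<name>[^\s{]+)'
    r'(?:\s+(?!flags\s*=)[^\s{]+)?'
    r'(?:\s+flags\s*=\s*\((?P<flags>[^)]*)\))?\s*\{\s*$')

# Constructed sample: the "helper" child has lost (or never had) its flags.
SAMPLE = """\
/usr/sbin/exampled flags=(attach_disconnected) {
  /etc/exampled/{conf,keys}/** r,
  profile helper {
    /usr/lib/exampled/helper mr,
  }
  profile worker flags=(attach_disconnected) {
    /var/lib/exampled/** rw,
  }
}
"""

def profile_flags(text):
    """Return {full_profile_name: set_of_flags} for every profile level."""
    stack, found = [], {}
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith('#'):      # comments and #include lines
            continue
        m = HEADER.match(line)
        if m:
            stack.append(m.group('name'))
            flags = re.split(r'[,\s]+', (m.group('flags') or '').strip())
            # Children are named parent//child, as AppArmor reports them.
            found['//'.join(stack)] = {f for f in flags if f}
        elif stripped == '}' and stack:   # closes the innermost profile
            stack.pop()
    return found

def missing_flag(text, flag='attach_disconnected'):
    """List profile levels that do not declare the given flag themselves."""
    return sorted(n for n, f in profile_flags(text).items() if flag not in f)

if __name__ == '__main__':
    print(missing_flag(SAMPLE))
```
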