Hi, Thanks for apparmor, it is very useful.
I get two behaviours which encourage me to try to make a specialised profile for open office, first that I get ALLOWED warnings in logwatch and second, open office doesn't start properly. I think that the splash window doesn't finish properly. This isn't a blocker. If I switch to the document window, everything is fine. I have a slightly customised version of usr.lib.libreoffice.program.oosplash and usr.lib.libreoffice.program.soffice.bin which I have placed at ~/.apparmor.d/. They do work, if I load them with apparmor_parser. They work in the sense that neither of the above behaviours is seen. After a reboot, I saw that apparmor wasn't using my profiles, so I thought of clearing the apparmor cache, so I ran these commands # aa-teardown # service apparmor stop # rm /var/cache/apparmor.d/nnnnn/* # nnnn names the actual cache, I guess # service apparmor start However, my user profile was still not used for open office, I get the ALLOWED warnings in kern.log. My usecase is that I would like a specialised version of a system profile to be used for open office when open office is used by me. I've looked in the wiki but so far all I have found is the policy layout page https://gitlab.com/apparmor/apparmor/-/wikis/Policy_Layout and it tells me that ${APPARMOR.D} is used to refer both to the directory in ~ and the one in /etc but without distinguishing them. Please would someone point me at the documentation which describes the loading sequence relevant to my usecase? Many thanks, John Beattie -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
