Hello, Am Donnerstag, 7. April 2016, 09:57:17 CEST schrieb Ruediger Meier: > On Wednesday 06 April 2016, Christian Boltz wrote: ... > > You'll probably need to adjust the AppArmor profile a bit to allow > > that. Otherwise, nscd won't be able to restart itsself (which > > effectively means ignoring the paranoia mode). > > > > https://bugzilla.opensuse.org/show_bug.cgi?id=971790 > > Thanks, good to know. > > There seems to be another bug > $ nscd --invalidate > does not to work. > > The only way to reset cache and stats is to set > persistent xyz no > and rcnscd.restart.
I Just tested this (on 13.1, and also on Tumbleweed), and it works. Does the syslog tell you anything about why --invalidate doesn't work? Does /var/log/audit/audit.log contain any denials? (I doubt that AppArmor restrictions are involved here, but just to be sure.) > How would I disable appamor system wide? Like every other service - rcapparmor stop  However I hope you won't do this. The better way is usually to - switch the profile to complain/learning mode: aa-complain nscd - let the service run for a while - run aa-logprof to update the profile - enforce the profile again: aa-enforce nscd BTW: You might be interested in my AppArmor Crash Course: http://blog.cboltz.de/archives/65-openSUSE-conference.html (PDFs linked at the end of the article) I'll also give an updated version of this talk at the openSUSE conference (assuming my proposal gets accepted). Regards, Christian Boltz  Note that starting it again with rcapparmor start is not enough to re-add the protection to running processes. You'll need to restart those processes, and aa-status can give you a list of what you should restart (in the "unconfined but..." section). -- >...was dann wieder in polnisch, tschechisch und auf'm Mars versagt. :-) Die Sprachen habe ich noch nie benötigt. Und auf dem Mars gibts ne eigene Distri (für 21-Saugnapf-Tastaturen). [> Ratti und Jan Trippler in suse-linux] _______________________________________________ Evergreen mailing list Evergreen@lists.rosenauer.org http://lists.rosenauer.org/mailman/listinfo/evergreen