** Changed in: apparmor
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1525119
Title:
Cannot permit some operations for sssd
** Changed in: apparmor/2.10
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1525119
Title:
Cannot permit some operations for
** Changed in: apparmor/2.9
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1525119
Title:
Cannot permit some operations for
This bug was fixed in the package apparmor - 2.10.95-0ubuntu1
---
apparmor (2.10.95-0ubuntu1) xenial; urgency=medium
* Update to apparmor 2.10.95 (2.11 Beta 1) (LP: #1561762)
- Allow Apache prefork profile to chown(2) files (LP: #1210514)
- Allow deluge-gtk and
** Changed in: apparmor (Ubuntu)
Assignee: (unassigned) => Tyler Hicks (tyhicks)
** Changed in: apparmor (Ubuntu)
Status: New => Triaged
** Changed in: apparmor (Ubuntu)
Importance: Undecided => Low
--
You received this bug notification because you are a member of Ubuntu
Touch
You can use aa-logprof and, before saving the changes, use "(v)iew
Changes" or "View Changes b/w (C)lean profiles" to see the added rules
and also the removed rules that are obsoleted by added rules.
Afterwards, abort instead of changing the profiles ;-)
That said - maybe your idea of a tool that
Patch commited to bzr (trunk, 2.10 and 2.9 branch)
** Changed in: apparmor
Status: In Progress => Fix Committed
** Changed in: apparmor/2.10
Status: In Progress => Fix Committed
** Changed in: apparmor/2.9
Status: In Progress => Fix Committed
** Changed in: apparmor
** Branch linked: lp:apparmor
** Branch linked: lp:apparmor/2.10
** Branch linked: lp:apparmor/2.9
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1525119
Title:
Cannot
I think I'm happy that it's been fixed. I was able to figure out the
"root cause" for the troubles, so I don't need aa-genprof and aa-
logprof at all for this. It is bit bad though that there is no tool that
would just show you the rules it would generate instead of updating
profile directory.
Which AppArmor version are you using? (We had some fixes around the
"unknown mode", however your error message indicates that rmask could be
empty, which would be something new.)
For the crash, please try to find out which log line causes this, and
paste or attach it. (Hint: split the log into 2
The version is, as provided in the initial message,
apparmor version 2.8.95~2430-0ubuntu5.3
Dec 11 10:24:07 gw-dc01 kernel: [2214272.912766] type=1400
audit(1449822247.549:21251): apparmor="ALLOWED" operation="file_inherit"
profile="/usr/sbin/sssd//null-45" name="/var/log/sssd/ldap_child.log"
Sorry, I overlooked the version in the initial report.
Thanks for the log line!
The empty denied_mask is a) strange and b) basically what I expected based on
the error message.
I can reproduce the crash with the latest code and all maintained
branches, so you don't need to test yourself ;-)
--
Patch sent to the mailinglist for review -
https://lists.ubuntu.com/archives/apparmor/2015-December/008922.html
I'm quite sure the Ubuntu package is too old to apply just this patch,
so you might want to get the latest code from the bzr 2.9 branch and
apply it there.
** Also affects: apparmor
13 matches
Mail list logo
