Thanks for the comments Jamie. We call aa_getcon() to figure out whether
we are running confined or not:
// Find out whether we are confined. aa_getcon() returns -1 in that case.
char* con = nullptr;
char* mode;
int rc = aa_getcon(&con, &mode);
// Only con (not mode) must be deallocated
free(con);
confinement_type = rc == -1 ? "leaf-net" : "unconfined";
If you want to silence the denial in the logs, that's cool with me. We
just rely on aa_getcon() returning -1 if we are confined. So, as long as
the return value doesn't change, I'm good with silencing it (but I don't
have a problem with the log entry per se either).
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1367264
Title:
scoperunner tries to access /proc/*/attr/current, denied by apparmor
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unity-scopes-api/+bug/1367264/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
