Hello, Am Dienstag, 1. Januar 2013 schrieb Aaron Lewis: > Seems that aa-genprof failed to parse the logs, it doesn't ask about > "Allow/Glob/.." stuff, when I press "S" to scan the logs, it just show > the same menu all the time, > > Here's a snip of the log currently present, which is stored in > /var/log/messages (I already changed logfiles to /var/log/messages in > logprof.conf) > > 2013-01-01T15:09:04.562575+08:00 localhost kernel: [ 1911.569682] > type=1400 audit(1357024144.556:6368): apparmor="ALLOWED" > operation="open" parent=5390 > profile="/usr/lib/virtualbox/VBoxSVC//null-2d" > name="/sys/class/power_supply/" pid=5457 comm=4143504920506F6C6C6572
BTW: comm=... decodes to comm="ACPI Poller" (you can decode it with aa-decode) > requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 The utilities are not perfectly up to date, but in general they should[tm] work. However aa-genprof sometimes misses some log events ( https://bugs.launchpad.net/apparmor/+bug/1014304 ) and especially exec seems to be a critical point. This is exactly what might have hit you - the log line you showed is the result of executing another program. Fortunately aa-logprof usually works better. Does it work if you do the following? (/usr/bin/virtualbox is just a guess - replace as needed) aa-complain /usr/bin/virtualbox # [1] # start and use /usr/bin/virtualbox aa-logprof aa-enforce /usr/bin/virtualbox # [1] Happy new year! Christian Boltz [1] aa-complain switches the profile to learning ("complain") mode (that's what aa-genprof also does while running), and aa-enforce disables the learning mode again to enforce the profile. -- > Das hatte ich (samt Kommentar aus der /etc/postfix/transport) doch > schon in meiner letzten Mail erklärt ... ;) Sandy ist schuld ;-) Erst mit seiner Erklärung ist mir aufgefallen, dass ich es nicht verstanden habe. [> David Haller und Peter Mc Donough in opensuse-de] -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
