Hello, Am Montag, 8. April 2013 schrieb Jamie Strandboge: > Recent kernels/glibc also now trigger reads for > /proc/sys/vm/overcommit_memory. This is explained in both malloc(3) > and proc(5). Basically, there are different memory allocation > strategies and /proc/sys/vm/overcommit_memory contains the 'virtual > memory accounting' mode. The update for the base abstraction gives > read access to this file.
To make the collection complete: Acked-By: Christian Boltz <appar...@cboltz.de> Please also backport both patches to the 2.8 branch. As a side effect of the abstractions/base patch, we should also clean up the usr.sbin.nscd profile (which includes abstractions/base): === modified file 'profiles/apparmor.d/usr.sbin.nscd' --- profiles/apparmor.d/usr.sbin.nscd 2013-03-05 21:11:59 +0000 +++ profiles/apparmor.d/usr.sbin.nscd 2013-04-09 11:29:38 +0000 @@ -42,7 +42,6 @@ @{PROC}/@{pid}/maps r, @{PROC}/@{pid}/mounts r, @{PROC}/filesystems r, - @{PROC}/sys/vm/overcommit_memory r, # Site-specific additions and overrides. See local/README for details. #include <local/usr.sbin.nscd> To avoid trouble with *.rpmnew files etc., this small patch shouldn't be backported to 2.8. Regards, Christian Boltz -- im Vergleich dazu [...] in etwa so, als wenn man mit den Händen den Kasten Bier aus dem Supermarkt die 20 Meter nach Hause schleppt statt mit einem Flugzeugträger festzumachen, umd das gleiche zu erledigen. ;) [Timo Schoeler in postfixbuch-users] -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor