Hello, $subject.
This behaviour makes sense (for example to force the confined program to use a fallback path), but is probably surprising for users, so we should document it. References: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=826218#37 I propose this patch for trunk, 2.10 and 2.9 [ 02-aa-complain-deny-note.diff ] === modified file 'utils/aa-complain.pod' --- utils/aa-complain.pod 2014-09-15 18:30:47 +0000 +++ utils/aa-complain.pod 2016-06-05 16:17:23 +0000 @@ -41,6 +41,8 @@ In this mode security policy is not enforced but rather access violations are logged to the system log. +Note that 'deny' rules will be enforced even in complain mode. + =head1 BUGS If you find any bugs, please report them at Regards, Christian Boltz -- When a device looks like a printer, acts like a printer, and sounds like a printer, that device could be a computer. [Johannes Meixner in opensuse-factory]
signature.asc
Description: This is a digitally signed message part.
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
