Hi again, New question: Why is it that when I add flags=(attach_disconnected) to a nested profile, and then run aa-enforce to load it, the flag clause disappears from the profile source code? It seems to be silently failing. I only noticed after I kept seeing apparmor messages for something I thought I had fixed.
If I put the flag clause in the top-level profile and run aa-enforce it doesn't disappear. In fact, it gets added to all of the nested profiles. Is this what I'm supposed to do? The manpage is very light on details like this. It seems that the flags clause must only be defined for the top-level profile and that it applies to all nested profiles as well. Is that correct? Will it cause any problems to have it apply to profiles that don't seem to need it? Thanks, raf -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
