Hi,
On 2020-08-30, Christian Boltz wrote:
> - did you reload the profile after changing it?
Yes, via aa-teardown && systemctl restart apparmor.service and
restarting element-{desktop,launcher} afterwards for the profiles to
take effect. I have made sure that no processes of
element-{desktop,launcher} remain before doing so to avoid it still
being unconfined due to the teardown.
> - did you load the new profiles?
Yes, via aa-teardown && systemctl restart apparmor.service, see above
> - do you see any errors when (re)loading the profiles with
> apparmor_parser -r /etc/apparmor.d/
No.
> - are the processes confined under the expected profile? Check with
> ps Zaux | grep element
every outputted line (except the grep above) is listed with
"(enforce)" (which means that all processes are confined, right? or is
there something else to watch out for?)
> If the above doesn't help, seeing the profile and the output of
> aa-status would probably be helpful.
aa-status looks unsuspicious: https://p.nnev.de/9547
Profile (after resolving all includes): https://p.nnev.de/9548
This is the profile for /usr/bin/element-desktop, the profile itself
starts at line 99.
My profile for /usr/local/bin/element-launcher is identical, except for
line 99.
element-desktop throws the aforementioned error with libreadline,
element-launcher works absolutely fine.
Checksums for both element-desktop and element-launcher are identical,
as both executables are identical (yes, I have just sha1summed both of
them to avoid me screwing something up...).
> [1] I'm sorry if some of them look like "silly questions", but please
> check them nevertheless ;-)
No worries, certainly see what you are checking there and why. :)
If you have any ideas what still to try, I'm happy to try them...
~ Jonas
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
