Yes Seth. My system works fine if the capability line is in the profile.
Below are my two queries... 1. Is listing all the capabilities same as adding the "capability, " line. I dont see the same behaviour. Listing all the capabs is not working, whereas adding the capability, line works 2. I am not able to identify the required capability from apparmor logs. Ideally we should see it in the capable operation ? Is there any scenario where capability is used, and apparmor does not log it... Thanks, Swarna On Mon, Aug 31, 2020 at 11:26 PM Seth Arnold <seth.arn...@canonical.com> wrote: > On Mon, Aug 31, 2020 at 10:34:46PM -0400, swarna latha wrote: > > I am getting the complete set of libraries used by my process with > status= > > AUDIT, right from /etc/ld.so.cache. It looks to me as though the profile > is > > not applied, though i have rules allowing the /etc/ld.so cache access. > > > > As i have these file entries in my profile, i am not getting > > ALLOWED/DENIED, hence not able to regenerate the profile with these > events. > > Hello Swarna, so, is it the case that your system works fine when the > 'capability,' line is in the profile, but when you remove it and reload > the profile, the application doesn't start *and* doesn't log anything > different? > > Thanks >
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor