Yes Seth.

My system works fine if the capability line is in the profile.

Below are my two queries...

1. Is listing all the capabilities the same as adding the "capability," line?
   I don't see the same behaviour. Listing all the capabs is not working,
   whereas adding the capability, line works.
2. I am not able to identify the required capability from apparmor logs.
   Ideally we should see it in the capable operation? Is there any scenario
   where capability is used, and apparmor does not log it...

Thanks,
Swarna

On Mon, Aug 31, 2020 at 11:26 PM Seth Arnold <seth.arn...@canonical.com> wrote:

> On Mon, Aug 31, 2020 at 10:34:46PM -0400, swarna latha wrote:
> > I am getting the complete set of libraries used by my process with status=
> > AUDIT, right from /etc/ld.so.cache. It looks to me as though the profile is
> > not applied, though I have rules allowing the /etc/ld.so cache access.
> >
> > As I have these file entries in my profile, I am not getting
> > ALLOWED/DENIED, hence not able to regenerate the profile with these events.
>
> Hello Swarna, so, is it the case that your system works fine when the
> 'capability,' line is in the profile, but when you remove it and reload
> the profile, the application doesn't start *and* doesn't log anything
> different?
>
> Thanks
>
-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor
