On Sun, Mar 25, 2007 at 06:00:31PM +0100, Peter Bradley wrote: > Honestly, whoever wrote this AppArmor thing must have been on drugs.
Thanks :) The AppArmor in 10.0 is unfortunate. It was hastily assembled shortly after Novell acquired Immunix, and hadn't yet figured out a business model. So the 10.0 version can only profile a handful of applications. AppArmor in newer distributions is significantly less stupid. > After fighting with it over what Apache could do, I now find it won't > let Acroread open PDF files! What's that all about? I tried adding > read permissions for *.pdf into the profile, but it still won't have it. > > Can anyone explain how you get this thing to work? Is it best just to > switch it off? My best guess (without seeing your chages) is that you wrote something like: /*.pdf r, into the profile. '*' will not traverse directories, so this would only read pdf files stored in the filesystem root. /**.pdf r, would let your acroread read any PDFs anywhere. Once you get tired of hand-editing profiles and re-loading profiles on each change, give our wizards a shot. In one terminal, as an unconfined root user, run: genprof acroread Then start up acroread, use it a bit, close it. Then hit the 'scan' button, answer a few questions (keeping in mind the difference between '*' and '**') and when you click 'finish', you'll be good to go. There's also a yast version of this, something like "Novell AppArmor".. Hope this helps
pgpJsyBNWbtgq.pgp
Description: PGP signature
