I removed all policies except dhcp and avahi, and there was no start/stop issues. Then I added the Firefox policy and the null-complain-profile started to show up.
r...@thosjo-lab:/etc/apparmor.d# /etc/init.d/apparmor stop Unloading AppArmor profiles : done. r...@thosjo-lab:/etc/apparmor.d# aa-status apparmor module is loaded. 0 profiles are loaded. 0 profiles are in enforce mode. 0 profiles are in complain mode. 1 processes have profiles defined. 0 processes are in enforce mode : 1 processes are in complain mode. null-complain-profile (6293) 0 processes are unconfined but have a profile defined. r...@thosjo-lab:/etc/apparmor.d# ps ax|grep 6293 6293 ? Sl 0:21 /usr/lib/firefox-3.0.7/firefox I think this confused apparmor after an apparmor start, see my comment in the output: r...@thosjo-lab:/etc/apparmor.d# aa-status apparmor module is loaded. 7 profiles are loaded. 6 profiles are in enforce mode. /usr/lib/connman/scripts/dhclient-script /sbin/dhclient3 /usr/sbin/cupsd /sbin/dhclient-script /usr/lib/cups/backend/cups-pdf /usr/lib/NetworkManager/nm-dhcp-client.action 1 profiles are in complain mode. /usr/lib/firefox-3.0.7/firefox.sh <<<<<<<<<<< Shouldn't this be unconfined? 3 processes have profiles defined. 0 processes are in enforce mode : 1 processes are in complain mode. null-complain-profile (6293) 2 processes are unconfined but have a profile defined. /sbin/dhclient3 (5861) /usr/sbin/cupsd (6242) All Firefox operations seems to get hooked to the null-complain-profile: r...@thosjo-lab:/etc/apparmor.d# grep firefox-3.0.7 /var/log/messages Mar 12 12:19:00 thosjo-lab kernel: [ 327.546264] type=1502 audit(1236856740.843:47904): operation="inode_permission" requested_mask="::x" denied_mask="::x" fsuid=1000 name="/usr/lib/firefox-3.0.7/firefox.sh" pid=4394 profile="null-complain-profile" Mar 12 12:23:14 thosjo-lab kernel: [ 581.181988] type=1502 audit(1236856994.483:58853): operation="inode_permission" requested_mask="::r" denied_mask="::r" fsuid=1000 name="/usr/lib/firefox-3.0.7/chrome/classic.jar" pid=5027 profile="null-complain-profile" ** Attachment added: "General apparmor tests" http://launchpadlibrarian.net/23818567/apparmor.policy.test -- jaunty: Apparmor doesn't parse logs and doesnt generally work. https://bugs.launchpad.net/bugs/341205 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
