trunk r3279 (and similar commits to the version branches, which will be in 2.10.1 and 2.9.3) changed the behaviour - aa-logprof and aa-genprof will now propose 'w' for creating a file. The commit message explains why:
Map c (create) log events to w instead of a Creating a file is in theory covered by the 'a' permission, however discussion on IRC brought up that depending on the open flags it might not be enough (real-world example: creating the apache pid file). Therefore change the mapping to 'w' permissions. That might allow more than needed in some cases, but makes sure the profile always works. ** Changed in: apparmor Status: Expired => Fix Committed ** Changed in: apparmor Milestone: None => 2.10.1 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1324608 Title: when aa-logprof processed file access rules with mask of "c" the resulting profile doesn't work To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1324608/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs