aa-logprof doesn't recognize rules for denied permissions (no matching against variables)
Bug #1649294 reported by
brian
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
AppArmor |
New
|
Undecided
|
Unassigned |
Bug Description
aa-logprof seems to be ignoring rules already set in the policy as denied. If I set a rule as denied, the next time I run aa-logprof it asks about it again.
tags: | added: aa-tools |
summary: |
- aa-logprof doesn't recognize rules for denied permissions + aa-logprof doesn't recognize rules for denied permissions (no matching + against variables} |
summary: |
aa-logprof doesn't recognize rules for denied permissions (no matching - against variables} + against variables) |
To post a comment you must log in.
I know we had some of these bugs, but it depends on
- the rule type (file, capability, network, ...)
- the version of the AppArmor tools (I did quite some changes and fixes for each release)
- the rules you already have in your profile (for example, do they contain wildcars or variables?)
Can you please add some details about these things?
If in doubt, please attach your audit.log (or a sniplet from it that reproduces the bug), the affected profile and a "screenshot" of the aa-logprof run.