trunk r3279 (and similar commits to the version branches, which will be in 2.10.1 and 2.9.3) changed the behaviour - aa-logprof and aa-genprof will now propose 'w' for creating a file. The commit message explains why:
Map c (create) log events to w instead of a
Creating a file is in theory covered by the 'a' permission, however
discussion on IRC brought up that depending on the open flags it might
not be enough (real-world example: creating the apache pid file).
Therefore change the mapping to 'w' permissions. That might allow more
than needed in some cases, but makes sure the profile always works.
trunk r3279 (and similar commits to the version branches, which will be in 2.10.1 and 2.9.3) changed the behaviour - aa-logprof and aa-genprof will now propose 'w' for creating a file. The commit message explains why:
Map c (create) log events to w instead of a
Creating a file is in theory covered by the 'a' permission, however
discussion on IRC brought up that depending on the open flags it might
not be enough (real-world example: creating the apache pid file).
Therefore change the mapping to 'w' permissions. That might allow more
than needed in some cases, but makes sure the profile always works.