Bug 132546

Summary: some minor thing to fix in some app armor profiles
Product: [openSUSE] SUSE LINUX 10.0 Reporter: Jonathan Arsenault <jonharson>
Component: AppArmorAssignee: Dominic W Reynolds <dreynolds>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Minor    
Priority: P5 - None    
Version: Final   
Target Milestone: ---   
Hardware: Other   
OS: SuSE Linux 10.0   
Whiteboard:
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Jonathan Arsenault 2005-11-07 13:26:15 UTC 
Found those spamming on my dmesg while poking and playing arround with app armor 
system is a suse linux 10.0 running on GNOME some part could have been upgraded through supplementary (like evolution) but main library of gnome gtk and cie are all from a fresh and patched install.

ok so here we go

evolution-2.4 :
    need read access to $HOME/.icons/* (recursive) when using custom icons set in gnome
    need read access to /etc/opt/gnome/sound/events/gtk-events-2.soundlist
    need to be able to execute /usr/sbin/spamd (spamassasin)

gaim :
    need read access to $HOME/.icons/* (recursive) when using custom icons set in gnome
    need read access to /etc/opt/gnome/gnome-vfs-2.0/modules

got those 2 i dont quite understand :
SubDomain: REJECTING x access to /bin/ps (sh(15278) profile /opt/gnome/bin/evolution-2.4 active /opt/gnome/bin/evolution-2.4)
SubDomain: REJECTING r access to /bin/ps (sh(15278) profile /opt/gnome/bin/evolution-2.4 active /opt/gnome/bin/evolution-2.4)

this one came from my router (hosting some small web page)
system is a suse linux 10.0 too but headless without GNOME or KDE

http2-prefork :
    need read access to /etc/php5/apache2/php.ini and /etc/php5/conf.d

gonna go play with it some more (next i ask for a hlds profiles in there by default ;) good stuff
Comment 1 Jonathan Arsenault 2005-12-17 06:02:56 UTC 
Didn't taugh about looking in the log for exact file that was getting block (suspecting php.ini or something like that) but subdomain + apache + php5 + mysql == no go, spend whole day trying to figure out why the heck php and mysql weren't able to communicate together until i remember having this subdomain thingy on turned it off and everything work just fine.
Comment 2 Jonathan Arsenault 2005-12-17 06:03:57 UTC 
well that was reported in the first one in fact ... duh
Comment 3 Dominic W Reynolds 2005-12-17 06:26:11 UTC 
Thanks for the input. We will work on updating the profile set for a YOU update.

For local modifications from these rejects you can use "logprof" at the console as root (or the YaST wizard).

Thanks again.
Comment 4 Jonathan Arsenault 2006-07-01 13:43:12 UTC 
app armor seem to react sanelly now in 10.1 and sles, lamp setup work alright, some YOU patche went by on 10.0 server for app-armor havent really noticed if it fixed issue on it, had it fixed with logprof already.
Comment 5 Jonathan Arsenault 2006-07-01 13:44:35 UTC 
meant to close this