Bug 143425

Summary: 'complain' should report setting application to complain mode into system logs.
Product: [openSUSE] SUSE LINUX 10.0
Reporter: Olli Artemjev <grey-olli>
Component: AppArmor
Assignee: Michal Svec <msvec>
Status: RESOLVED WONTFIX
QA Contact: Michal Svec <msvec>
Severity: Enhancement
Priority: P2 - High
CC: grey-olli
Version: Final
Keywords: Bad_Design, Common_Criteria, easy_fix, security
Target Milestone: ---
Hardware: i686
OS: SuSE Linux 10.0
Whiteboard:
Found By: Customer
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Olli Artemjev 2006-01-16 23:42:58 UTC
skylab:/tmp/bluez # complain /usr/sbin/sshd
Setting /usr/sbin/sshd to complain mode.
skylab:/tmp/bluez #

After that, searching via mc 'Find file' functionality for a string 'complain' does nothing.

Say I have temporary root access to some PC. Say I need to install a root hole. Say the system runs AppArmor. I do my job and no logs appear. That's wrong behaviour.
If the system also writes logs to some remote system, logging into the system logs will show a warning about changing the profile for the utility.
Comment 1 Olli Artemjev 2006-01-19 00:24:46 UTC
Same w/ 'enforce' - it also should drop a string to a system log.
Comment 2 Dominic W Reynolds 2006-01-31 00:56:41 UTC
This is an issue. Will raise this in the next feature meeting. Post results to the open source apparmor-dev list in Feb. Will also update this BZ entry.

Thanks for the suggestion.
Comment 5 John R Johansen 2007-11-16 02:02:53 UTC
This won't be fixed for SL10.  This feature request overlaps Bug #127889 which is a more generic logging of profile loads, reloads, and removals.  This feature will go into SL10.4/SLES 11 where profile loads/reloads/removals can be logged and the reporting of a profile being converted to complain is covered by the replacement case.
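
Added example, not part of the original report or of AppArmor itself: where mode changes are not logged, a periodic job can compare the loaded profile list against a saved baseline and send any transition (for instance enforce to complain) to syslog. It assumes a kernel that exposes the list as "name (mode)" lines in /sys/kernel/security/apparmor/profiles; the function names, the syslog tag and the sample data are hypothetical.

```shell
#!/bin/sh
# Snapshot lines look like the kernel's profile list: "/usr/sbin/sshd (enforce)".

# mode_changes BASELINE CURRENT
# Prints one line per profile whose mode changed, was removed, or is new.
mode_changes() {
    BASELINE="$1" awk '
        # Split on the trailing " (mode)" so profile names with spaces survive.
        function parse(line) {
            if (!match(line, / \([a-z]+\)$/)) return 0
            name = substr(line, 1, RSTART - 1)
            mode = substr(line, RSTART + 2, RLENGTH - 3)
            return 1
        }
        BEGIN {
            f = ENVIRON["BASELINE"]
            while ((getline line < f) > 0) if (parse(line)) base[name] = mode
            close(f)
        }
        parse($0) {
            seen[name] = 1
            if (!(name in base))         print name ": not-loaded -> " mode
            else if (base[name] != mode) print name ": " base[name] " -> " mode
        }
        END { for (n in base) if (!(n in seen)) print n ": " base[n] " -> removed" }
    ' "$2" | sort
}

# check_and_log BASELINE [CURRENT]
# Sends each change to syslog with logger(1); returns 1 if anything changed.
check_and_log() {
    current=${2:-/sys/kernel/security/apparmor/profiles}   # assumed path
    changes=$(mode_changes "$1" "$current")
    [ -z "$changes" ] && return 0
    printf '%s\n' "$changes" | while IFS= read -r line; do
        logger -t apparmor-mode-watch -p auth.warning -- "$line"
    done
    return 1
}

# Constructed sample snapshots (not taken from a real host).
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '/usr/sbin/sshd (enforce)' '/usr/sbin/ntpd (enforce)' > "$dir/base"
    printf '%s\n' '/usr/sbin/sshd (complain)' '/usr/sbin/ntpd (enforce)' > "$dir/now"
    mode_changes "$dir/base" "$dir/now"
    rm -rf "$dir"
}
```

The check is only as trustworthy as the baseline and the log destination, so both belong off the monitored host, in line with the remote logging the reporter mentions.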