Bug 132546 - some minor thing to fix in some app armor profiles
Summary: some minor thing to fix in some app armor profiles
Status: RESOLVED FIXED
Alias: None
Product: SUSE LINUX 10.0
Classification: openSUSE
Component: AppArmor (show other bugs)
Version: Final
Hardware: Other SuSE Linux 10.0
: P5 - None : Minor
Target Milestone: ---
Assignee: Dominic W Reynolds
QA Contact: E-mail List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-11-07 13:26 UTC by Jonathan Arsenault
Modified: 2010-08-24 19:50 UTC (History)
0 users

See Also:
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jonathan Arsenault 2005-11-07 13:26:15 UTC 
Found those spamming on my dmesg while poking and playing arround with app armor 
system is a suse linux 10.0 running on GNOME some part could have been upgraded through supplementary (like evolution) but main library of gnome gtk and cie are all from a fresh and patched install.

ok so here we go

evolution-2.4 :
    need read access to $HOME/.icons/* (recursive) when using custom icons set in gnome
    need read access to /etc/opt/gnome/sound/events/gtk-events-2.soundlist
    need to be able to execute /usr/sbin/spamd (spamassasin)

gaim :
    need read access to $HOME/.icons/* (recursive) when using custom icons set in gnome
    need read access to /etc/opt/gnome/gnome-vfs-2.0/modules

got those 2 i dont quite understand :
SubDomain: REJECTING x access to /bin/ps (sh(15278) profile /opt/gnome/bin/evolution-2.4 active /opt/gnome/bin/evolution-2.4)
SubDomain: REJECTING r access to /bin/ps (sh(15278) profile /opt/gnome/bin/evolution-2.4 active /opt/gnome/bin/evolution-2.4)

this one came from my router (hosting some small web page)
system is a suse linux 10.0 too but headless without GNOME or KDE

http2-prefork :
    need read access to /etc/php5/apache2/php.ini and /etc/php5/conf.d

gonna go play with it some more (next i ask for a hlds profiles in there by default ;) good stuff
Comment 1 Jonathan Arsenault 2005-12-17 06:02:56 UTC 
Didn't taugh about looking in the log for exact file that was getting block (suspecting php.ini or something like that) but subdomain + apache + php5 + mysql == no go, spend whole day trying to figure out why the heck php and mysql weren't able to communicate together until i remember having this subdomain thingy on turned it off and everything work just fine.
Comment 2 Jonathan Arsenault 2005-12-17 06:03:57 UTC 
well that was reported in the first one in fact ... duh
Comment 3 Dominic W Reynolds 2005-12-17 06:26:11 UTC 
Thanks for the input. We will work on updating the profile set for a YOU update.

For local modifications from these rejects you can use "logprof" at the console as root (or the YaST wizard).

Thanks again.
Comment 4 Jonathan Arsenault 2006-07-01 13:43:12 UTC 
app armor seem to react sanelly now in 10.1 and sles, lamp setup work alright, some YOU patche went by on 10.0 server for app-armor havent really noticed if it fixed issue on it, had it fixed with logprof already.
Comment 5 Jonathan Arsenault 2006-07-01 13:44:35 UTC 
meant to close this