Bug 143425 - 'complain' should report setting application to complain mode into system logs.
Summary: 'complain' should report setting application to complain mode into system logs.
Status: RESOLVED WONTFIX
Alias: None
Product: SUSE LINUX 10.0
Classification: openSUSE
Component: AppArmor (show other bugs)
Version: Final
Hardware: i686 SuSE Linux 10.0
: P2 - High : Enhancement
Target Milestone: ---
Assignee: Michal Svec
QA Contact: Michal Svec
URL:
Whiteboard:
Keywords: Bad_Design, Common_Criteria, easy_fix, security
Depends on:
Blocks:
 
Reported: 2006-01-16 23:42 UTC by Olli Artemjev
Modified: 2007-11-16 02:02 UTC (History)
1 user (show)

See Also:
Found By: Customer
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Olli Artemjev 2006-01-16 23:42:58 UTC 
skylab:/tmp/bluez # complain /usr/sbin/sshd
Setting /usr/sbin/sshd to complain mode.
skylab:/tmp/bluez #

After that searching via mc 'Find file' functionality for a string 'complain' does nothing.

Say I've temporary root access to some PC. Say I need to install a root hole. Say system runs AppArmor. I do my job & no logs appear. That's wrong beheviour.
If system write logs also to some remote system logging into system logs 'll show warning about changing profile for utiliy.
Comment 1 Olli Artemjev 2006-01-19 00:24:46 UTC 
Same w/ 'enforce' - it also should drop a string to a system log.
Comment 2 Dominic W Reynolds 2006-01-31 00:56:41 UTC 
This is an issue. Will raise this in the next feature meeting. Post results to the opensource apparmor-dev list in feb. Will also update this BZ entry. 

Thanks for the suggestion.
Comment 5 John R Johansen 2007-11-16 02:02:53 UTC 
This won't be fixed for SL10.  This feature request overlaps Bug #127889 which is a more generic logging of profile loads, reloads, and removals.  This feature will go into SL10.4/SLES 11 where profile loads/reloads/removals can be logged and the reporting of a profile being converted to complain is covered by the replacement case.