[pkg-apparmor] Bug#826218: Bug#826218: Bug#826218: Complain still interferes
intrigeri
intrigeri at debian.org
Sat Jul 30 12:28:54 UTC 2016
Hi,
Guido Günther:
> so how can I find out why the access is still blocked although I added
> an explicit allow line? I kind of suspect that reloading the profile
> does not work but have nothing that supports this (reloading without
> cache, and in verbose mode all look good).
apparmor(7) reads:
Profiles are applied to a process at exec(3) time (as seen through the
execve(2) system call); an already running process cannot be confined.
However, once a profile is loaded for a program, that program will be
confined on the next exec(3).
The way I understand it, this implies that a modified+reloaded profile
will only be applied to the confined program next time it is executed.
Cheers,
--
intrigeri
More information about the pkg-apparmor-team
mailing list