[pkg-apparmor] Bug#826218: Bug#826218: Bug#826218: Complain still interferes
Guido Günther
agx at sigxcpu.org
Mon Jun 6 06:33:45 UTC 2016
On Sun, Jun 05, 2016 at 06:51:18PM -0700, John Johansen wrote:
[..snip..]
> With that said if you turn on debug mode apparmor will log a few extra
> messages to dmesg (not via the audit subsystem). This will let you see
> when environment scrubbing has been applied.
>
> echo 1 > /sys/module/apparmor/parameters/debug
>
> Also note this isn't going to give you a flood of extra messages it's just
> for a few things like, env scrubbing, clearing unsafe personality bits,
> no new privs etc.
>
> > @John: Do you have a different opinion on Guido's points?
> >
>
> yeah we should be logging extra info. As for complain mode we aren't
> changing its behavior but there will be a new mode that is closer to
> what I think he wants.
>
> Also it is possible to turn off deny audit quieting by doing
>
> echo -n noquiet >/sys/module/apparmor/parameters/audit
>
> sadly this is global, not per profile
It's "good enough" for debugging on a test system.
Incredibly helpful, thanks!
-- Guido
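
Added example, not part of the original message or of AppArmor itself: because both settings quoted above are global, this sketch saves the current values of the two module parameters, applies the values from the thread, and restores the old ones after a test run. The function names and the `AA_PARAMS` override are assumptions made for illustration; the sysfs path and the values `1` and `noquiet` come from the thread.

```shell
#!/bin/sh
# Toggle the two AppArmor module parameters from the thread and put the
# previous values back afterwards, since both settings are system-wide.
# AA_PARAMS is overridable (assumption) only so the functions can be tried
# against a scratch directory; the default is the sysfs path from the thread.
AA_PARAMS="${AA_PARAMS:-/sys/module/apparmor/parameters}"

# Print the current value of a parameter file.
aa_get() {
    cat "$AA_PARAMS/$1"
}

# Write a value with no trailing newline, like `echo -n` in the thread.
aa_set() {
    printf '%s' "$2" > "$AA_PARAMS/$1"
}

# Save the current values, then enable debug messages and turn off
# deny audit quieting.
aa_debug_on() {
    AA_SAVED_DEBUG=$(aa_get debug) || return 1
    AA_SAVED_AUDIT=$(aa_get audit) || return 1
    aa_set debug 1 && aa_set audit noquiet
}

# Restore whatever values were read before aa_debug_on changed them.
aa_debug_off() {
    [ -n "${AA_SAVED_DEBUG:-}" ] || return 1
    aa_set debug "$AA_SAVED_DEBUG" && aa_set audit "$AA_SAVED_AUDIT"
}

# Run a command with the extra logging enabled and restore the settings
# afterwards, passing the command's exit status through.
aa_with_debug() {
    aa_debug_on || return 1
    "$@"
    aa_rc=$?
    aa_debug_off
    return "$aa_rc"
}
```

Source the file as root on a test system and run the reproducer through `aa_with_debug`; the extra debug messages go to dmesg, as the quoted message says.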