Talk:AppArmor

From ArchWiki
Jump to navigation Jump to search

Desktop notifications

Has anyone managed to get AppArmor#Get desktop notification on DENIED actions to actually work?

When auditd.service starts it changes the permissions of /var/log/audit/ and /var/log/audit/audit.log. Even when I change ACLs so that I can read /var/log/audit/audit.log, aa-notify still shows Cannot read '/var/log/audit/audit.log'.

-- nl6720 (talk) 10:06, 2 October 2018 (UTC)

I'm sorry for inconvenience. I proposed different approach, see https://wiki.archlinux.org/index.php?title=AppArmor&type=revision&diff=545635&oldid=545631 . I hope this one will work.
Teples (talk) 12:26, 2 October 2018 (UTC)
Thanks, now it works for me :) -- nl6720 (talk) 17:14, 2 October 2018 (UTC)
AFAIK if auditd.service isn't started then there is nothing logged to /var/log/audit/audit.log so https://wiki.archlinux.org/index.php?title=AppArmor&type=revision&diff=545662&oldid=545635 doesn't make sense. I think auditd is the only process which logs there. Did you observe something different?
Teples (talk) 17:55, 2 October 2018 (UTC)
No, but this allows to allows to start auditd.service later, after login. Without -f /var/log/audit/audit.log aa-notify would try read /var/log/kern.log and fail. So if auditd.service is started after login, you would need to re-login for apparmor-notify.desktop to start. -- nl6720 (talk) 18:01, 2 October 2018 (UTC)
Ok, thx for info.
Teples (talk) 18:58, 2 October 2018 (UTC)