I don't really understand how the options logprof is giving me relate to the permissions outlined in the sticky and other documentation. Actually, most of the documentation I've been through makes almost no reference to logprof at all. Here's an example:
Code:
Reading log entries from /var/log/messages.
Updating AppArmor profiles in /etc/apparmor.d.
Profile: /usr/lib/firefox-3.0.16/firefox.sh
Execute: /usr/bin/basename
Severity: unknown
(I)nherit / (P)rofile / (C)hild / (N)ame / (U)nconfined / (X)ix / (D)eny / Abo(r)t / (F)inish
Use of uninitialized value $profile in concatenation (.) or string at /usr/share/perl5/Immunix/SubDomain.pm line 4401.
Complain-mode changes:
Profile: /usr/bin/basename
Path: /usr/bin/basename
Mode: r
Severity: unknown
[1 - /usr/bin/basename]
[(A)llow] / (D)eny / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Adding /usr/bin/basename r to profile.
Profile: /usr/lib/firefox-3.0.16/firefox.sh
Path: /bin/dash
Old Mode: ix
New Mode: rix
Severity: unknown
[1 - /bin/dash]
[(A)llow] / (D)eny / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Adding /bin/dash rix to profile.
Profile: /usr/lib/firefox-3.0.16/firefox.sh
Path: /dev/ati/card0
Mode: rw
Severity: unknown
[1 - /dev/ati/card0]
[(A)llow] / (D)eny / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Adding /dev/ati/card0 rw to profile.
Profile: /usr/lib/firefox-3.0.16/firefox.sh
Path: /etc/mailcap
Mode: r
Severity: unknown
[1 - /etc/mailcap]
[(A)llow] / (D)eny / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Adding /etc/mailcap r to profile.
Profile: /usr/lib/firefox-3.0.16/firefox.sh
Path: /etc/mime.types
Mode: r
Severity: unknown
[1 - /etc/mime.types]
[(A)llow] / (D)eny / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Adding /etc/mime.types r to profile.
Profile: /usr/lib/firefox-3.0.16/firefox.sh
Path: /home/cypher/.Xauthority
Mode: owner r
Severity: 4
1 - /home/cypher/.Xauthority
[2 - /home/*/.Xauthority]
[(A)llow] / (D)eny / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
My Firefox profile is basically a stub, so i should be getting complaints on everything. I've noticed that most people give firefox rix access to basename. That's read and inherit, correct? So I hit I and it looks like that was the right option, but what do the others do? I'm really having trouble finding any documentation on the usage of logprof.
Oh, and I'm still on 9.04
Bookmarks