Re: Debian 11: evince and apparmor flood kernel log
On Sat 18 Sep 2021 at 08:43:50 (-0400), Greg Wooledge wrote:
> On Sat, Sep 18, 2021 at 12:54:36PM +0200, Roger Price wrote:
> > In site.local I found
> >
> > # The following is a space-separated list of where additional user home
> > # directories are stored, each must have a trailing '/'. Directories added
> > # here are appended to @{HOMEDIRS}. See tunables/home for details. Eg:
> > #@{HOMEDIRS}+=/srv/nfs/home/ /mnt/home/
> >
> > where curiously, the apparmor installation seems to have detected my
> > non-common /home and made the necessary addition, but appended to a
> > commented out example.
>
> It wasn't "detected". That's the generic site.local file that everyone
> has. The commented-out line is provided as an example.
>
> What you're supposed to do is either:
>
> (a) Uncomment that last line, and edit it.
>
> (b) Copy that last line, uncomment the copy, and edit the copy.
>
> I prefer (b) myself.
Yes, it's pretty obvious what's going on if you actually do
"See tunables/home for details", because that has the =
definition that the += is appending to.
<nitpick>
But — the last line of that comment above is actually inconsistent
with how comments are written in /etc/apparmor* files. It should
have a space after the #. #include lines are the only ones that don't.
The other files that look wrong are /etc/apparmor.d/tunables/*.d/*
and /etc/apparmor.d/tunables{kernelvars,sys}.
</nitpick>
Cheers,
David.
Reply to: