enterprise-support team mailing list archive

[Andreas Hasenack <andreas@xxxxxxxxxxxxx>]

Public bug reported:

I enabled the (optional) squid apparmor profile
(/etc/apparmor.d/usr.sbin.squid) and configured squidguard.

squid fails to launch or talk to the squidguard helper after that and enters a loop:
2018/08/16 13:36:53 kid1| Starting new helpers
2018/08/16 13:36:53 kid1| helperOpenServers: Starting 1/20 'squidGuard' processes
2018/08/16 13:36:53 kid1| WARNING: redirector #Hlpr6977 exited
2018/08/16 13:36:53 kid1| Too few redirector processes are running (need 1/20)
2018/08/16 13:36:53 kid1| Starting new helpers
2018/08/16 13:36:53 kid1| helperOpenServers: Starting 1/20 'squidGuard' processes
2018/08/16 13:36:53 kid1| WARNING: redirector #Hlpr6978 exited
2018/08/16 13:36:53 kid1| Too few redirector processes are running (need 1/20)
2018/08/16 13:36:53 kid1| Starting new helpers
2018/08/16 13:36:53 kid1| helperOpenServers: Starting 1/20 'squidGuard' processes
2018/08/16 13:36:53 kid1| WARNING: redirector #Hlpr6979 exited


dmesg reports:
[  477.494344] audit: type=1400 audit(1534426533.919:2434): apparmor="DENIED" operation="file_inherit" profile="/usr/sbin/squid" pid=8122 comm="squidGuard" family="unix" sock_type="stream" protocol=0 requested_mask="send receive" denied_mask="send receive" addr=none peer_addr=none peer="/usr/sbin/squid//squidguard"

** Affects: squid3 (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to squid3 in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1787409

Title:
  apparmor profile incorrect for squidguard usage

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/1787409/+subscriptions