← Back to team overview

enterprise-support team mailing list archive

[Bug 1967807] [NEW] Apparmor doesn't let squid read /etc/ssl/openssl.cnf

 

Public bug reported:

After installing squid in a Jammy container:

audit: type=1400 audit(1649103012.819:218): apparmor="STATUS" operation="profile_replace" label="lxd-squid_</var/snap/lxd/common/lxd>//&:lxd-squid_<var-snap-lxd-common-lxd>:unconfined" name="/usr/sbin/squid" pid=1003733 comm="apparmor_parser"
audit: type=1400 audit(1649103012.831:219): apparmor="STATUS" operation="profile_replace" label="lxd-squid_</var/snap/lxd/common/lxd>//&:lxd-squid_<var-snap-lxd-common-lxd>:unconfined" name="/usr/sbin/squid//squidguard" pid=1003733 comm="apparmor_parser"
audit: type=1400 audit(1649103043.411:220): apparmor="DENIED" operation="open" namespace="root//lxd-squid_<var-snap-lxd-common-lxd>" profile="/usr/sbin/squid" name="/etc/ssl/openssl.cnf" pid=1004222 comm="squid" requested_mask="r" denied_mask="r" fsuid=1589824 ouid=1589824
audit: type=1400 audit(1649103043.431:221): apparmor="DENIED" operation="open" namespace="root//lxd-squid_<var-snap-lxd-common-lxd>" profile="/usr/sbin/squid" name="/etc/ssl/openssl.cnf" pid=1004224 comm="squid" requested_mask="r" denied_mask="r" fsuid=1589824 ouid=1589824


Additional information:

root@squid:~# apt-cache policy apparmor squid
apparmor:
  Installed: 3.0.4-2ubuntu2
  Candidate: 3.0.4-2ubuntu2
  Version table:
 *** 3.0.4-2ubuntu2 500
        500 http://us.archive.ubuntu.com/ubuntu jammy/main amd64 Packages
        100 /var/lib/dpkg/status
squid:
  Installed: 5.2-1ubuntu3
  Candidate: 5.2-1ubuntu3
  Version table:
 *** 5.2-1ubuntu3 500
        500 http://us.archive.ubuntu.com/ubuntu jammy/main amd64 Packages
        100 /var/lib/dpkg/status
root@squid:~# lsb_release -rd
Description:	Ubuntu Jammy Jellyfish (development branch)
Release:	22.04

** Affects: squid (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to squid in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1967807

Title:
  Apparmor doesn't let squid read /etc/ssl/openssl.cnf

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/squid/+bug/1967807/+subscriptions