← Back to team overview

kernel-packages team mailing list archive

[Bug 1425398] Re: Apparmor uses rsyslogd profile for different processes - utopic HWE

 

It turns out that there is a small bit of the AppArmor userspace that
needs to be addressed, the regression tests need to be slightly adjusted
to take the permissions change into account.

** Changed in: apparmor (Ubuntu Trusty)
       Status: Invalid => In Progress

** Changed in: apparmor (Ubuntu Trusty)
   Importance: Undecided => Medium

** Changed in: apparmor (Ubuntu Trusty)
     Assignee: (unassigned) => Steve Beattie (sbeattie)

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-lts-utopic in Ubuntu.
https://bugs.launchpad.net/bugs/1425398

Title:
  Apparmor uses rsyslogd profile for different processes - utopic HWE

Status in apparmor package in Ubuntu:
  Invalid
Status in linux package in Ubuntu:
  Confirmed
Status in linux-lts-utopic package in Ubuntu:
  Invalid
Status in rsyslog package in Ubuntu:
  Fix Released
Status in apparmor source package in Trusty:
  In Progress
Status in linux source package in Trusty:
  Confirmed
Status in linux-lts-utopic source package in Trusty:
  Invalid
Status in rsyslog source package in Trusty:
  Triaged

Bug description:
  Hi.

  I've noticed that apparmor loads /usr/sbin/rsyslogd profile for
  completely unrelated processes:

  Feb 25 08:36:19 emma kernel: [  134.796218] audit: type=1400 audit(1424842579.429:245): apparmor="DENIED" operation="sendmsg" profile="/usr/sbin/rsyslogd" name="/dev/log" pid=4002 comm="sshd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  Feb 25 08:36:23 emma kernel: [  139.330989] audit: type=1400 audit(1424842583.965:246): apparmor="DENIED" operation="sendmsg" profile="/usr/sbin/rsyslogd" name="/dev/log" pid=4080 comm="sudo" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  Feb 25 08:35:42 emma kernel: [   97.912402] audit: type=1400 audit(1424842542.565:241): apparmor="DENIED" operation="sendmsg" profile="/usr/sbin/rsyslogd" name="/dev/log" pid=2436 comm="whoopsie" requested_mask="r" denied_mask="r" fsuid=103 ouid=0
  Feb 25 08:34:43 emma kernel: [   38.867998] audit: type=1400 audit(1424842483.546:226): apparmor="DENIED" operation="sendmsg" profile="/usr/sbin/rsyslogd" name="/dev/log" pid=3762 comm="ntpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

  
  I'm not sure how apparmor decides which profile to use for which task, but is shouldn't load '/usr/sbin/rsyslogd' profile for sshd/ntpd/etc.

  
  I'm running:
  # lsb_release -rd
  Description:	Ubuntu 14.04.2 LTS
  Release:	14.04

  # dpkg -l | grep apparmor
  ii  apparmor                            2.8.95~2430-0ubuntu5.1               amd64        User-space parser utility for AppArmor
  ii  apparmor-profiles                   2.8.95~2430-0ubuntu5.1               all          Profiles for AppArmor Security policies
  ii  apparmor-utils                      2.8.95~2430-0ubuntu5.1               amd64        Utilities for controlling AppArmor
  ii  libapparmor-perl                    2.8.95~2430-0ubuntu5.1               amd64        AppArmor library Perl bindings
  ii  libapparmor1:amd64                  2.8.95~2430-0ubuntu5.1               amd64        changehat AppArmor library
  ii  python3-apparmor                    2.8.95~2430-0ubuntu5.1               amd64        AppArmor Python3 utility library
  ii  python3-libapparmor                 2.8.95~2430-0ubuntu5.1               amd64        AppArmor library Python3 bindings

  # uname -a
  Linux emma 3.16.0-31-generic #41~14.04.1-Ubuntu SMP Wed Feb 11 19:30:13 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1425398/+subscriptions