touch-packages team mailing list archive

Thread
Date

[Bug 1528778] Re: aa-logprof ignores denied messages

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Christian Boltz <1528778@xxxxxxxxxxxxxxxxxx>
Date: Wed, 23 Dec 2015 13:18:18 -0000
Reply-to: Bug 1528778 <1528778@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

That's no a bug, it's a missing feature ;-)  - aa-logprof doesn't have
support for unix rules/events yet, so you'll need to allow this by
manually adding rules.

Nevertheless, thanks for the log - having some example log lines is
always helpful.

Dec 21 09:49:19 th1nkp4d kernel: [ 1807.331151] audit: type=1400
audit(1450687759.549:3582): apparmor="ALLOWED" operation="connect"
profile="/usr/sbin/cupsd" pid=6049 comm="cupsd" family="unix"
sock_type="stream" protocol=0 requested_mask="send receive connect"
denied_mask="send connect" addr=none
peer_addr="@2F746D702F65736574732E736F636B0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
peer="unconfined"

BTW: peer_addr decodes to

# aa-decode 2F746D702F65736574732E736F636B
Decoded: /tmp/esets.sock

(I wonder if the tons of 0000000 are intentional - John, can you clarify
this, please?)

** Summary changed:

- aa-logprof ignores denied messages
+ aa-logprof doesn't support unix rules/events

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1528778

Title:
  aa-logprof doesn't support unix rules/events

Status in apparmor package in Ubuntu:
  New

Bug description:
  aa-logprof ignores denied messages in kern.log. Logs sended to
  apparmor [at] cboltz.de.

  ProblemType: Bug
  DistroRelease: Ubuntu 15.10
  Package: apparmor 2.10-0ubuntu6
  ProcVersionSignature: Ubuntu 4.2.0-21.25-generic 4.2.6
  Uname: Linux 4.2.0-21-generic x86_64
  ApportVersion: 2.19.1-0ubuntu5
  Architecture: amd64
  Date: Wed Dec 23 09:22:44 2015
  InstallationDate: Installed on 2014-04-19 (612 days ago)
  InstallationMedia: Ubuntu-Server 14.04 LTS "Trusty Tahr" - Release amd64 (20140416.2)
  ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-4.2.0-21-generic root=/dev/mapper/ubuntu-root ro splash elevator=cfq nomdmonddf nomdmonisw crashkernel=384M-:128M
  SourcePackage: apparmor
  Syslog:
   
  UpgradeStatus: Upgraded to wily on 2015-11-14 (38 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1528778/+subscriptions

References

[Bug 1528778] [NEW] aa-logprof ignores denied messages
From: QkiZ, 2015-12-23