← Back to team overview

touch-packages team mailing list archive

  1. touch-packages team
  2. Mailing list archive
  3. Message #125699

[Bug 888734] Re: dhclient generates "DENIED" message in apparmor

  Thread PreviousDate PreviousThread Next 
I'v started  runc container with apparmor profile as /sbin/dhclient
Inside the container, for all the commands which I'm typing I'm getting
Permission denied
Kern.log

Dec 22 21:45:57 raj kernel: [14575.502702] audit: type=1400 audit(1450800957.194:143): apparmor="DENIED" operation="exec" profile="/sbin/dhclient" name="/bin/ps" pid=3651 comm="sh" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
Dec 22 21:46:01 raj kernel: [14579.860597] audit: type=1400 audit(1450800961.550:144): apparmor="DENIED" operation="open" profile="/sbin/dhclient" name="/dev/tty" pid=3657 comm="sh" requested_mask="rw" denied_mask="rw" fsuid=0 ouid=0
Dec 22 21:46:03 raj kernel: [14581.812280] audit: type=1400 audit(1450800963.506:145): apparmor="DENIED" operation="exec" profile="/sbin/dhclient" name="/bin/ls" pid=3663 comm="sh" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
Dec 22 21:46:05 raj kernel: [14584.165168] audit: type=1400 audit(1450800965.854:146): apparmor="DENIED" operation="exec" profile="/sbin/dhclient" name="/bin/ls" pid=3664 comm="sh" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
Dec 22 21:46:59 raj kernel: [14637.606913] audit: type=1400 audit(1450801019.298:147): apparmor="DENIED" operation="exec" profile="/sbin/dhclient" name="/bin/ls" pid=3756 comm="sh" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
Dec 22 21:47:01 raj kernel: [14639.560709] audit: type=1400 audit(1450801021.254:148): apparmor="DENIED" operation="exec" profile="/sbin/dhclient" name="/usr/bin/clear" pid=3757 comm="sh" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
Dec 22 21:47:02 raj kernel: [14640.395635] audit: type=1400 audit(1450801022.086:149): apparmor="DENIED" operation="exec" profile="/sbin/dhclient" name="/bin/ls" pid=3758 comm="sh" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
Dec 22 21:47:06 raj kernel: [14644.890654] audit: type=1400 audit(1450801026.578:150): apparmor="DENIED" operation="exec" profile="/sbin/dhclient" name="/bin/dmesg" pid=3759 comm="sh" requested_mask="x" denied_mask="x" fsuid=0 ouid=0

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/888734

Title:
  dhclient generates "DENIED" message in apparmor

Status in apparmor package in Ubuntu:
  Fix Released

Bug description:
  Hi,

  When I login to desktop (xfce), I receive a notification I have to
  debug Apparmor [https://wiki.ubuntu.com/DebuggingApparmor]. What can I
  do?

  In kernel.org I get:

  root@gerret:~# cat  /var/log/kern.log | grep "DENIED"Oct  8 10:48:52 gerret kernel: [   62.811119] type=1400 audit(1318063732.434:19): apparmor="DENIED" operation="create" parent=1078 profile="/sbin/dhclient" pid=1857 comm="dhclient" family="inet" sock_type="dgram" protocol=17
  Oct  8 10:48:59 gerret kernel: [   69.373294] type=1400 audit(1318063738.998:20): apparmor="DENIED" operation="create" parent=1078 profile="/sbin/dhclient" pid=1878 comm="dhclient" family="inet" sock_type="dgram" protocol=17

  So, should I have to modify the profile of dhclient? How can I debug
  this output?

  Thanks in advance,
  Xan.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/888734/+subscriptions
  Thread PreviousDate PreviousThread Next