
touch-packages team mailing list archive

[Bug 1367264] Re: scoperunner tries to access /proc/*/attr/current, denied by apparmor

 

Thanks for the comments Jamie. We call aa_getcon() to figure out whether
we are running confined or not:

    // Find out whether we are confined. aa_getcon() returns -1 in that case.
    char* con = nullptr;
    char* mode;
    int rc = aa_getcon(&con, &mode);
    // Only con (not mode) must be deallocated
    free(con);
    confinement_type = rc == -1 ? "leaf-net" : "unconfined";

If you want to silence the denial in the logs, that's cool with me. We
just rely on aa_getcon() returning -1 if we are confined. So, as long as
the return value doesn't change, I'm good with silencing it (but I don't
have a problem with the log entry per se either).

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unity-scopes-api in
Ubuntu.
https://bugs.launchpad.net/bugs/1367264

Title:
  scoperunner tries to access /proc/*/attr/current, denied by apparmor

Status in “unity-scopes-api” package in Ubuntu:
  New

Bug description:
  While testing an aggregator scope I encountered some "leaf" scopes
  which were not returning results. Checking syslog I found some strange
  apparmor denials where the scope runner was trying to access
  /proc/*/attr/current/.

  Sep  8 11:22:10 ubuntu-phablet kernel: [ 1172.643613] type=1400 audit(1410189730.887:130): apparmor="DENIED" operation="open" profile="com.canonical.REDACTED_0.5" name="/proc/4637/attr/current" pid=4637 comm="scoperunner" requested_mask="r" denied_mask="r" fsuid=32011 ouid=32011
  ...
  Sep  8 11:22:11 ubuntu-phablet kernel: [ 1172.792552] type=1400 audit(1410189731.037:134): apparmor="DENIED" operation="open" profile="com.canonical.scopes.REDACTED_1.02" name="/proc/4675/attr/current" pid=4675 comm="scoperunner" requested_mask="r" denied_mask="r" fsuid=32011 ouid=32011

  I can find nothing in the code for the leaf scopes that tries to make
  these accesses.
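
The snippet in the message maps every aa_getcon() failure to "leaf-net". As an added example (not code from unity-scopes-api or from the message's author), the sketch below reads the same attribute file directly and keeps the errno, so a policy denial like the ones logged above (EACCES) is told apart from other failures. The names `Confinement`, `Result`, `classify` and `query` are hypothetical; the `name (mode)` label format is the one AppArmor writes to that file.

```cpp
// Added example (not unity-scopes-api code): classify AppArmor confinement
// from the attr file named in the denials, keeping the failure reason.
#include <cerrno>
#include <cstdio>
#include <string>
#include <fcntl.h>
#include <unistd.h>

enum class Confinement { Unconfined, Confined, Denied, Unknown };
struct Result { Confinement state; std::string profile, mode; };

// Pure step: err is the errno of the open/read (0 on success); label is the
// file content, e.g. "unconfined\n" or "profile (enforce)\n".
Result classify(int err, std::string label) {
    if (err == EACCES) return {Confinement::Denied, "", ""};   // policy blocked the read
    if (err != 0)      return {Confinement::Unknown, "", ""};  // any other failure
    while (!label.empty() && (label.back() == '\n' || label.back() == '\0'))
        label.pop_back();
    if (label.empty())         return {Confinement::Unknown, "", ""};
    if (label == "unconfined") return {Confinement::Unconfined, "", ""};
    // Confined labels end in " (mode)"; split on the last " (".
    std::size_t sep = label.rfind(" (");
    if (sep != std::string::npos && label.back() == ')')
        return {Confinement::Confined, label.substr(0, sep),
                label.substr(sep + 2, label.size() - sep - 3)};
    return {Confinement::Confined, label, ""};
}

// I/O step. The default path is an assumption matching the path in the log.
Result query(const char* path = "/proc/self/attr/current") {
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0) return classify(errno, "");
    char buf[4096];
    ssize_t n = read(fd, buf, sizeof buf);
    int err = n < 0 ? errno : 0;  // save errno before close() can change it
    close(fd);
    return classify(err, n > 0 ? std::string(buf, n) : std::string());
}

int main() {
    static const char* names[] = {"unconfined", "confined", "denied", "unknown"};
    Result r = query();
    std::printf("%s %s %s\n", names[static_cast<int>(r.state)],
                r.profile.c_str(), r.mode.c_str());
    return 0;
}
```
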
