touch-packages team mailing list archive

[Jamie Strandboge <jamie@xxxxxxxxxx>]

** Package changed: unity-scopes-api (Ubuntu) => apparmor-easyprof-
ubuntu (Ubuntu)

** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
       Status: New => In Progress

** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
     Assignee: (unassigned) => Jamie Strandboge (jdstrand)

** Changed in: apparmor-easyprof-ubuntu (Ubuntu)
   Importance: Undecided => Low

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor-easyprof-ubuntu
in Ubuntu.
https://bugs.launchpad.net/bugs/1367264

Title:
  scoperunner tries to access /proc/*/attr/current, denied by apparmor

Status in “apparmor-easyprof-ubuntu” package in Ubuntu:
  In Progress

Bug description:
  While testing an aggregator scope I encountered some "leaf" scopes
  which were not returning results. Checking syslog I found some strange
  apparmor denials where the scope runner was trying to access
  /proc/*/attr/current/.

  Sep  8 11:22:10 ubuntu-phablet kernel: [ 1172.643613] type=1400 audit(1410189730.887:130): apparmor="D
  ENIED" operation="open" profile="com.canonical.REDACTED_0.5" name="/proc/4637/attr/current" pid=4
  637 comm="scoperunner" requested_mask="r" denied_mask="r" fsuid=32011 ouid=32011
  ...
  Sep  8 11:22:11 ubuntu-phablet kernel: [ 1172.792552] type=1400 audit(1410189731.037:134): apparmor="D
  ENIED" operation="open" profile="com.canonical.scopes.REDACTED_1.02" name="/proc/4675/attr/current" pid
  =4675 comm="scoperunner" requested_mask="r" denied_mask="r" fsuid=32011 ouid=32011

  I can find nothing in the code for the leaf scopes that tries to make
  these accesses.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor-easyprof-ubuntu/+bug/1367264/+subscriptions