← Back to team overview

touch-packages team mailing list archive

  1. touch-packages team
  2. Mailing list archive
  3. Message #27604

[Bug 228229] Re: sshd profile does not work out-of-the-box

  Thread PreviousDate PreviousThread Next 
Apparmor 2.9.0 has been released; closing.

** Changed in: apparmor
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/228229

Title:
  sshd profile does not work out-of-the-box

Status in AppArmor Linux application security framework:
  Fix Released
Status in “apparmor” package in Ubuntu:
  Fix Released

Bug description:
  Binary package hint: apparmor-profiles

  The apparmor profile for sshd provided by the apparmor-profiles
  package does not work out-of-the-box. Looking over syslog, it appears
  there are seven types of audit entries (one of each follows). Until
  this is fixed, the usr.sbin.sshd file in apparmor-profiles should have
  "flags=(complain)" added to it.

  May  8 08:23:26 darwin kernel: [136857.839011]
  audit(1210249406.803:56): type=1502 operation="inode_permission"
  requested_mask="r::" denied_mask="r::" name="/etc/default/locale"
  pid=21377 profile="/usr/sbin/sshd" namespace="default"

  May  8 08:23:29 darwin kernel: [136860.663589]
  audit(1210249409.633:71): type=1502 operation="inode_permission"
  requested_mask="::r" denied_mask="::r" name="/etc/default/locale"
  pid=21377 profile="/usr/sbin/sshd" namespace="default"

  May  8 08:23:26 darwin kernel: [136857.842204]
  audit(1210249406.803:58): type=1502 operation="inode_permission"
  requested_mask="r::" denied_mask="r::" name="/proc/filesystems"
  pid=21375 profile="/usr/sbin/sshd" namespace="default"

  May  8 08:23:26 darwin kernel: [136857.839817]
  audit(1210249406.803:57): type=1502 operation="inode_permission"
  requested_mask="::r" denied_mask="::r" name="/proc/filesystems"
  pid=21377 profile="/usr/sbin/sshd" namespace="default"

  May  8 09:33:21 darwin kernel: [141051.379421]
  audit(1210253601.703:83): type=1502 operation="file_lock"
  requested_mask="k::" denied_mask="k::" name="/var/log/wtmp" pid=21412
  profile="/usr/sbin/sshd" namespace="default"

  May  8 08:23:26 darwin kernel: [136857.837856]
  audit(1210249406.803:55): type=1502 operation="inode_permission"
  requested_mask="r::" denied_mask="r::" name="/var/run/motd" pid=21377
  profile="/usr/sbin/sshd" namespace="default"

  May  8 09:59:43 darwin kernel: [142632.555690]
  audit(1210255183.393:84): type=1502 operation="file_lock"
  requested_mask="k::" denied_mask="k::" name="/var/run/utmp" pid=21412
  profile="/usr/sbin/sshd" namespace="default"

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/228229/+subscriptions
  Thread PreviousDate PreviousThread Next