touch-packages team mailing list archive

Thread
Date

[Bug 1300948] Re: aa-genprof crashed with PermissionError in _mkstemp_inner(): [Errno 13] Permission denied: '/etc/apparmor.d/tmphtnhuikm~'

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Christian Boltz <1300948@xxxxxxxxxxxxxxxxxx>
Date: Mon, 23 Feb 2015 18:22:00 -0000
Reply-to: Bug 1300948 <1300948@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

> I really don't want to run something like armagetronad as the super-
user. :-/

You don't have to - I'm quite sure you misunderstand what happens ;-)

For generating a profile, you need to run two things:
a) sudo aa-genprof armagetronad - that tells aa-genprof that you want to create a profile for armagetronad, creates a very basic profile for it and loads it into the kernel (in complain mode). You need to be super-user to do that. Note that aa-genprof _does not_ run armagetronad.
b) in another terminal (or by clicking a desktop icon for it), run armagetronad. There's no need to use sudo, just run it as normal user. As a side effect, this will create a bunch of log entries.

Then you go back to the aa-genprof window and (S)can the log to update the profile.
Optionally, use armagetronad more, and (S)can the log again.
Finally, choose (F)inish to switch the profile into enforce mode.

So, long story short - aa-genprof does not run armagetronad. You have to
start it yourself and can do that without super-user permissions. The
only thing that needs super-user permissions is aa-genprof.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1300948

Title:
  aa-genprof crashed with PermissionError in _mkstemp_inner(): [Errno
  13] Permission denied: '/etc/apparmor.d/tmphtnhuikm~'

Status in AppArmor Linux application security framework:
  Triaged
Status in apparmor package in Ubuntu:
  Triaged

Bug description:
  running aa-genprof <application> without sudo made the crash.

  ProblemType: Crash
  DistroRelease: Ubuntu 14.04
  Package: apparmor-utils 2.8.95~2430-0ubuntu3
  ProcVersionSignature: Ubuntu 3.13.0-19.40-generic 3.13.6
  Uname: Linux 3.13.0-19-generic x86_64
  ApportVersion: 2.13.3-0ubuntu1
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Tue Apr  1 20:45:07 2014
  ExecutablePath: /usr/sbin/aa-genprof
  InstallationDate: Installed on 2014-03-24 (8 days ago)
  InstallationMedia: Ubuntu 13.10 "Saucy Salamander" - Release amd64+mac (20131016.1)
  InterpreterPath: /usr/bin/python3.4
  ProcCmdline: /usr/bin/python3 /usr/sbin/aa-genprof feh
  ProcKernelCmdline: BOOT_IMAGE=/efi/ubuntu/vmlinuz-3.13.0-19-generic root=/dev/mapper/vg-root0 ro quiet splash
  PythonArgs: ['/usr/sbin/aa-genprof', 'feh']
  SourcePackage: apparmor
  Syslog:
   
  Title: aa-genprof crashed with PermissionError in _mkstemp_inner(): [Errno 13] Permission denied: '/etc/apparmor.d/tmphtnhuikm~'
  UpgradeStatus: Upgraded to trusty on 2014-03-29 (3 days ago)
  UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo vboxusers

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1300948/+subscriptions