← Back to team overview

touch-packages team mailing list archive

  1. touch-packages team
  2. Mailing list archive
  3. Message #57988

[Bug 1425398] [NEW] Apparmor uses rsyslogd profile for different processes

  Thread PreviousDate PreviousThread Next 
Public bug reported:

Hi.

I've noticed that apparmor loads /usr/sbin/rsyslogd profile for
completely unrelated processes:

Feb 25 08:36:19 emma kernel: [  134.796218] audit: type=1400 audit(1424842579.429:245): apparmor="DENIED" operation="sendmsg" profile="/usr/sbin/rsyslogd" name="/dev/log" pid=4002 comm="sshd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Feb 25 08:36:23 emma kernel: [  139.330989] audit: type=1400 audit(1424842583.965:246): apparmor="DENIED" operation="sendmsg" profile="/usr/sbin/rsyslogd" name="/dev/log" pid=4080 comm="sudo" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Feb 25 08:35:42 emma kernel: [   97.912402] audit: type=1400 audit(1424842542.565:241): apparmor="DENIED" operation="sendmsg" profile="/usr/sbin/rsyslogd" name="/dev/log" pid=2436 comm="whoopsie" requested_mask="r" denied_mask="r" fsuid=103 ouid=0
Feb 25 08:34:43 emma kernel: [   38.867998] audit: type=1400 audit(1424842483.546:226): apparmor="DENIED" operation="sendmsg" profile="/usr/sbin/rsyslogd" name="/dev/log" pid=3762 comm="ntpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0


I'm not sure how apparmor decides which profile to use for which task, but is shouldn't load '/usr/sbin/rsyslogd' profile for sshd/ntpd/etc.


I'm running:
# lsb_release -rd
Description:	Ubuntu 14.04.2 LTS
Release:	14.04

# dpkg -l | grep apparmor
ii  apparmor                            2.8.95~2430-0ubuntu5.1               amd64        User-space parser utility for AppArmor
ii  apparmor-profiles                   2.8.95~2430-0ubuntu5.1               all          Profiles for AppArmor Security policies
ii  apparmor-utils                      2.8.95~2430-0ubuntu5.1               amd64        Utilities for controlling AppArmor
ii  libapparmor-perl                    2.8.95~2430-0ubuntu5.1               amd64        AppArmor library Perl bindings
ii  libapparmor1:amd64                  2.8.95~2430-0ubuntu5.1               amd64        changehat AppArmor library
ii  python3-apparmor                    2.8.95~2430-0ubuntu5.1               amd64        AppArmor Python3 utility library
ii  python3-libapparmor                 2.8.95~2430-0ubuntu5.1               amd64        AppArmor library Python3 bindings

# uname -a
Linux emma 3.16.0-31-generic #41~14.04.1-Ubuntu SMP Wed Feb 11 19:30:13 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

** Affects: apparmor (Ubuntu)
     Importance: Undecided
         Status: New

** Attachment added: "/var/log/syslog since boot"
   https://bugs.launchpad.net/bugs/1425398/+attachment/4326921/+files/syslog-since-boot

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1425398

Title:
  Apparmor uses rsyslogd profile for different processes

Status in apparmor package in Ubuntu:
  New

Bug description:
  Hi.

  I've noticed that apparmor loads /usr/sbin/rsyslogd profile for
  completely unrelated processes:

  Feb 25 08:36:19 emma kernel: [  134.796218] audit: type=1400 audit(1424842579.429:245): apparmor="DENIED" operation="sendmsg" profile="/usr/sbin/rsyslogd" name="/dev/log" pid=4002 comm="sshd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  Feb 25 08:36:23 emma kernel: [  139.330989] audit: type=1400 audit(1424842583.965:246): apparmor="DENIED" operation="sendmsg" profile="/usr/sbin/rsyslogd" name="/dev/log" pid=4080 comm="sudo" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  Feb 25 08:35:42 emma kernel: [   97.912402] audit: type=1400 audit(1424842542.565:241): apparmor="DENIED" operation="sendmsg" profile="/usr/sbin/rsyslogd" name="/dev/log" pid=2436 comm="whoopsie" requested_mask="r" denied_mask="r" fsuid=103 ouid=0
  Feb 25 08:34:43 emma kernel: [   38.867998] audit: type=1400 audit(1424842483.546:226): apparmor="DENIED" operation="sendmsg" profile="/usr/sbin/rsyslogd" name="/dev/log" pid=3762 comm="ntpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

  
  I'm not sure how apparmor decides which profile to use for which task, but is shouldn't load '/usr/sbin/rsyslogd' profile for sshd/ntpd/etc.

  
  I'm running:
  # lsb_release -rd
  Description:	Ubuntu 14.04.2 LTS
  Release:	14.04

  # dpkg -l | grep apparmor
  ii  apparmor                            2.8.95~2430-0ubuntu5.1               amd64        User-space parser utility for AppArmor
  ii  apparmor-profiles                   2.8.95~2430-0ubuntu5.1               all          Profiles for AppArmor Security policies
  ii  apparmor-utils                      2.8.95~2430-0ubuntu5.1               amd64        Utilities for controlling AppArmor
  ii  libapparmor-perl                    2.8.95~2430-0ubuntu5.1               amd64        AppArmor library Perl bindings
  ii  libapparmor1:amd64                  2.8.95~2430-0ubuntu5.1               amd64        changehat AppArmor library
  ii  python3-apparmor                    2.8.95~2430-0ubuntu5.1               amd64        AppArmor Python3 utility library
  ii  python3-libapparmor                 2.8.95~2430-0ubuntu5.1               amd64        AppArmor library Python3 bindings

  # uname -a
  Linux emma 3.16.0-31-generic #41~14.04.1-Ubuntu SMP Wed Feb 11 19:30:13 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1425398/+subscriptions

Follow ups

References

  Thread PreviousDate PreviousThread Next