touch-packages team mailing list archive

[Bug 1458288] Re: Some exec appeair on kern.log but on apparmor_status not.

 

The profile="unconfined" in the following line from the logs just means
that the process which loaded the new profile is unconfined. The
apparmor="STATUS" operation="profile_load" log entries are from the
initscript or upstart scripts when they are loading the profiles before
executing the program.

audit: type=1400 audit(1432447057.243:13): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/bin/evince-thumbnailer" pid=447 comm="apparmor_parser"

If the process loading policy were confined (I believe this is allowed,
so long as the process has capability MAC_ADMIN in its policy and has
this capability natively) then the confining profile would have been
reported here, instead of "unconfined".

The important part to remember is that the log events reflect the
process that is performing the operation.

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1458288

Title:
  Some exec appeair on kern.log but on apparmor_status not.

Status in apparmor package in Ubuntu:
  Invalid

Bug description:
  Hi
  In kern.log some exec are listed as unconfined, but in apparmor_status they are not. What is the truth?
  $ tail -n 40 -f /var/log/kern.log
  May 24 08:57:38 192-168-0-3 kernel: [   23.677258] input: HDA Intel Front Headphone as /devices/pci0000:00/0000:00:1b.0/sound/card0/input12
  May 24 08:57:38 192-168-0-3 kernel: [   26.435570] Adding 2084860k swap on /dev/mapper/192--168--0--102--vg-swap_1.  Priority:-1 extents:1 across:2084860k FS
  May 24 08:57:38 192-168-0-3 kernel: [   29.417288] EXT4-fs (dm-0): re-mounted. Opts: errors=remount-ro
  May 24 08:57:38 192-168-0-3 kernel: [   30.101562] EXT4-fs (sda1): mounting ext2 file system using the ext4 subsystem
  May 24 08:57:38 192-168-0-3 kernel: [   30.189338] EXT4-fs (sda1): mounted filesystem without journal. Opts: (null)
  May 24 08:57:38 192-168-0-3 kernel: [   33.126316] audit: type=1400 audit(1432447037.263:2): apparmor="STATUS" operation="profile_load" profile="unconfined" name="gst_plugin_scanner" pid=447 comm="apparmor_parser"
  May 24 08:57:38 192-168-0-3 kernel: [   33.626210] audit: type=1400 audit(1432447037.763:3): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/lightdm/lightdm-guest-session" pid=447 comm="apparmor_parser"
  May 24 08:57:38 192-168-0-3 kernel: [   33.626246] audit: type=1400 audit(1432447037.763:4): apparmor="STATUS" operation="profile_load" profile="unconfined" name="chromium" pid=447 comm="apparmor_parser"
  May 24 08:57:38 192-168-0-3 kernel: [   35.099402] audit: type=1400 audit(1432447039.235:5): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/sbin/dhclient" pid=447 comm="apparmor_parser"
  May 24 08:57:38 192-168-0-3 kernel: [   35.101412] audit: type=1400 audit(1432447039.239:6): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=447 comm="apparmor_parser"
  May 24 08:57:38 192-168-0-3 kernel: [   35.103027] audit: type=1400 audit(1432447039.239:7): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/NetworkManager/nm-dhcp-helper" pid=447 comm="apparmor_parser"
  May 24 08:57:38 192-168-0-3 kernel: [   35.104806] audit: type=1400 audit(1432447039.243:8): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/connman/scripts/dhclient-script" pid=447 comm="apparmor_parser"
  May 24 08:57:38 192-168-0-3 kernel: [   53.089763] audit: type=1400 audit(1432447057.227:9): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/bin/evince" pid=447 comm="apparmor_parser"
  May 24 08:57:38 192-168-0-3 kernel: [   53.093877] audit: type=1400 audit(1432447057.231:10): apparmor="STATUS" operation="profile_load" profile="unconfined" name="sanitized_helper" pid=447 comm="apparmor_parser"
  May 24 08:57:38 192-168-0-3 kernel: [   53.098328] audit: type=1400 audit(1432447057.235:11): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/bin/evince-previewer" pid=447 comm="apparmor_parser"
  May 24 08:57:38 192-168-0-3 kernel: [   53.100659] audit: type=1400 audit(1432447057.239:12): apparmor="STATUS" operation="profile_load" profile="unconfined" name="sanitized_helper" pid=447 comm="apparmor_parser"
  May 24 08:57:38 192-168-0-3 kernel: [   53.104541] audit: type=1400 audit(1432447057.243:13): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/bin/evince-thumbnailer" pid=447 comm="apparmor_parser"
  May 24 08:57:38 192-168-0-3 kernel: [   53.106972] audit: type=1400 audit(1432447057.243:14): apparmor="STATUS" operation="profile_load" profile="unconfined" name="sanitized_helper" pid=447 comm="apparmor_parser"
  May 24 08:57:38 192-168-0-3 kernel: [   53.114072] audit: type=1400 audit(1432447057.251:15): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/bin/irssi" pid=447 comm="apparmor_parser"
  May 24 08:57:38 192-168-0-3 kernel: [   53.122442] audit: type=1400 audit(1432447057.259:16): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/bin/mediascanner-service-2.0" pid=447 comm="apparmor_parser"
  May 24 08:57:38 192-168-0-3 kernel: [   53.136378] audit: type=1400 audit(1432447057.275:17): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/bin/pidgin" pid=447 comm="apparmor_parser"
  May 24 08:57:38 192-168-0-3 kernel: [   53.136424] audit: type=1400 audit(1432447057.275:18): apparmor="STATUS" operation="profile_load" profile="unconfined" name="launchpad_integration" pid=447 comm="apparmor_parser"
  May 24 08:57:38 192-168-0-3 kernel: [   53.955321] cgroup: new mount options do not match the existing superblock, will be ignored
  May 24 08:57:39 192-168-0-3 kernel: [   55.503792] rfkill: input handler disabled
  May 24 08:57:41 192-168-0-3 kernel: [   57.061478] cfg80211: Calling CRDA to update world regulatory domain
  May 24 08:57:41 192-168-0-3 kernel: [   57.149912] cfg80211: World regulatory domain updated:
  May 24 08:57:41 192-168-0-3 kernel: [   57.149928] cfg80211:  DFS Master region: unset
  May 24 08:57:41 192-168-0-3 kernel: [   57.149935] cfg80211:   (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp), (dfs_cac_time)
  May 24 08:57:41 192-168-0-3 kernel: [   57.149945] cfg80211:   (2402000 KHz - 2472000 KHz @ 40000 KHz), (300 mBi, 2000 mBm), (N/A)
  May 24 08:57:41 192-168-0-3 kernel: [   57.149954] cfg80211:   (2457000 KHz - 2482000 KHz @ 40000 KHz), (300 mBi, 2000 mBm), (N/A)
  May 24 08:57:41 192-168-0-3 kernel: [   57.149962] cfg80211:   (2474000 KHz - 2494000 KHz @ 20000 KHz), (300 mBi, 2000 mBm), (N/A)
  May 24 08:57:41 192-168-0-3 kernel: [   57.149971] cfg80211:   (5170000 KHz - 5250000 KHz @ 40000 KHz), (300 mBi, 2000 mBm), (N/A)
  May 24 08:57:41 192-168-0-3 kernel: [   57.149980] cfg80211:   (5735000 KHz - 5835000 KHz @ 40000 KHz), (300 mBi, 2000 mBm), (N/A)
  May 24 08:57:41 192-168-0-3 kernel: [   57.539742] eth0: 0xf840e000, 00:22:15:4b:fd:ce, IRQ 24
  May 24 08:57:48 192-168-0-3 kernel: [   64.600036] r8101: eth0: link up
  May 24 08:57:51 192-168-0-3 kernel: [   67.604054] r8101: eth0: link down
  May 24 08:57:54 192-168-0-3 kernel: [   70.640020] r8101: eth0: link up
  May 24 08:58:23 192-168-0-3 kernel: [   98.895580] perf interrupt took too long (2516 > 2500), lowering kernel.perf_event_max_sample_rate to 50000
  May 24 08:58:26 192-168-0-3 gnome-session[1631]: Entering running state
  May 24 09:05:12 192-168-0-3 kernel: [  508.457929] perf interrupt took too long (5007 > 5000), lowering kernel.perf_event_max_sample_rate to 25000

  $ sudo apparmor_status 
  apparmor module is loaded.
  33 profiles are loaded.
  27 profiles are in enforce mode.
     /usr/bin/evince-previewer
     /usr/bin/evince-previewer//sanitized_helper
     /usr/bin/evince-thumbnailer
     /usr/bin/evince-thumbnailer//sanitized_helper
     /usr/bin/evince//sanitized_helper
     /usr/bin/irssi
     /usr/bin/mediascanner-service-2.0
     /usr/bin/pidgin
     /usr/bin/pidgin//launchpad_integration
     /usr/bin/pidgin//sanitized_helper
     /usr/bin/totem
     /usr/bin/totem-audio-preview
     /usr/bin/totem-video-thumbnailer
     /usr/lib/cups/backend/cups-pdf
     /usr/lib/lightdm/lightdm-guest-session
     /usr/lib/lightdm/lightdm-guest-session//chromium
     /usr/lib/telepathy/mission-control-5
     /usr/lib/telepathy/telepathy-*
     /usr/lib/telepathy/telepathy-*//pxgsettings
     /usr/lib/telepathy/telepathy-*//sanitized_helper
     /usr/lib/telepathy/telepathy-ofono
     /usr/sbin/apt-cacher-ng
     /usr/sbin/cups-browsed
     /usr/sbin/cupsd
     /usr/sbin/cupsd//third_party
     /usr/sbin/tcpdump
     udm-extractor
  6 profiles are in complain mode.
     /sbin/dhclient
     /usr/bin/evince
     /usr/lib/NetworkManager/nm-dhcp-client.action
     /usr/lib/NetworkManager/nm-dhcp-helper
     /usr/lib/connman/scripts/dhclient-script
     gst_plugin_scanner
  8 processes have profiles defined.
  8 processes are in enforce mode.
     /usr/bin/mediascanner-service-2.0 (1410) 
     /usr/lib/telepathy/mission-control-5 (1909) 
     /usr/sbin/cups-browsed (677) 
     /usr/sbin/cupsd (645) 
     /usr/sbin/cupsd (718) 
     /usr/sbin/cupsd (719) 
     /usr/sbin/cupsd (720) 
     /usr/sbin/cupsd (721) 
  0 processes are in complain mode.
  0 processes are unconfined but have a profile defined.

  ProblemType: Bug
  DistroRelease: Ubuntu 15.04
  Package: apparmor 2.9.1-0ubuntu9
  ProcVersionSignature: Ubuntu 3.19.0-18.18-generic 3.19.6
  Uname: Linux 3.19.0-18-generic i686
  ApportVersion: 2.17.2-0ubuntu1.1
  Architecture: i386
  CurrentDesktop: Unity
  Date: Sun May 24 09:11:54 2015
  ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-3.19.0-18-generic root=/dev/mapper/192--168--0--102--vg-root ro splash quiet vt.handoff=7
  SourcePackage: apparmor
  Syslog: May 24 08:57:38 192-168-0-3 dbus[660]: [system] AppArmor D-Bus mediation is enabled
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1458288/+subscriptions
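
The distinction drawn in the reply above, that `profile=` names the confinement of the process performing the operation while `name=` is the object it acts on, can be checked mechanically. The following is an added example, not part of the original message or the AppArmor project: the function names are hypothetical, the two `profile_load` lines are modelled on the kern.log excerpt in the bug description, and the `DENIED` line is constructed for contrast.

```python
import re

# Constructed sample: two profile_load lines modelled on the kern.log excerpt
# above, one unrelated kernel line, and one constructed DENIED event.
SAMPLE = """\
May 24 08:57:38 host kernel: [   53.104541] audit: type=1400 audit(1432447057.243:13): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/bin/evince-thumbnailer" pid=447 comm="apparmor_parser"
May 24 08:57:38 host kernel: [   53.114072] audit: type=1400 audit(1432447057.251:15): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/bin/irssi" pid=447 comm="apparmor_parser"
May 24 08:57:39 host kernel: [   55.503792] rfkill: input handler disabled
May 24 09:00:00 host kernel: [  200.000000] audit: type=1400 audit(1432447200.000:40): apparmor="DENIED" operation="open" profile="/usr/sbin/tcpdump" name="/etc/shadow" pid=900 comm="tcpdump" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
"""

# key="quoted value" or key=bare_value
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_event(line):
    """Return the key/value fields of an AppArmor audit line, else None."""
    if 'apparmor="' not in line:
        return None
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}

def loaded_profiles(log_text):
    """Map each loaded profile (name=) to the loader's confinement (profile=)."""
    loads = {}
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev and ev.get("operation") == "profile_load":
            # profile= describes the process doing the load (comm=), not name=.
            loads[ev["name"]] = ev["profile"]
    return loads

def confined_actors(log_text):
    """List events whose acting process was itself running under a profile."""
    events = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev and ev.get("profile", "unconfined") != "unconfined":
            events.append((ev.get("comm"), ev["profile"],
                           ev.get("operation"), ev.get("name")))
    return events

if __name__ == "__main__":
    for name, loader in loaded_profiles(SAMPLE).items():
        print(f"loaded {name}  (loader was {loader})")
    for comm, profile, op, target in confined_actors(SAMPLE):
        print(f"{comm} confined by {profile}: {op} {target}")
```

Whether a loaded profile is in enforce or complain mode is not visible in these `profile_load` entries; that still has to come from `apparmor_status`.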

