Bug#712050: linux: Apparmor not working with kernels after wheezy

falconbird Fri, 14 Jun 2013 09:34:43 -0700

Package: apparmor
Version: 2.7.103-4
Followup-For: Bug #712050

Dear Maintainer,

I will try to answer your questions. First, rules are working and AppArmor is 
blocking access to files. But when I try to run aa-status, I got this 

root@debian-box:~# aa-status 
AppArmor available in kernel.
AppArmor running without interface patch -- cannot determine loaded profiles.
0 profiles are loaded.
0 profiles are in enforce mode.
0 profiles are in complain mode.
1 processes have profiles defined.
1 processes are in enforce mode.
   /usr/lib/iceweasel/iceweasel (2063) 
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.


So it isn't showing loaded profiles (actually, I thought that it even not
shwing profiles, but I mistaken). When I tried to rebuild Ubuntu 2.8 AppArmor
it also worked but showed me something about 2.4 compitablity patch.

Here is the output of dmesg command



root@debian-box:~#  dmesg | grep -i apparmor
[    0.000000] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-3.9-1-686-pae 
root=UUID=2c90cbb3-833a-47c9-b20f-5cdc4bbe69f9 ro security=apparmor apparmor=1 
quiet
[    0.004104] AppArmor: AppArmor initialized
[    0.412609] AppArmor: AppArmor Filesystem Enabled
[   10.956778] type=1400 audit(1371226193.382:2): apparmor="STATUS" 
operation="profile_load" name="/sbin/klogd" pid=974 comm="apparmor_parser"
[   11.000395] type=1400 audit(1371226193.426:3): apparmor="STATUS" 
operation="profile_load" name="/bin/ping" pid=973 comm="apparmor_parser"
[   11.006379] type=1400 audit(1371226193.430:4): apparmor="STATUS" 
operation="profile_load" name="/sbin/syslog-ng" pid=975 comm="apparmor_parser"
[   11.011852] type=1400 audit(1371226193.434:5): apparmor="STATUS" 
operation="profile_load" name="/sbin/syslogd" pid=976 comm="apparmor_parser"
[   11.050916] type=1400 audit(1371226193.474:6): apparmor="STATUS" 
operation="profile_load" name="/usr/bin/deluge{,-gtk}" pid=978 
comm="apparmor_parser"
[   11.093886] type=1400 audit(1371226193.518:7): apparmor="STATUS" 
operation="profile_load" name="/usr/lib/icedove/icedove-bin" pid=979 
comm="apparmor_parser"
[   11.114222] type=1400 audit(1371226193.538:8): apparmor="STATUS" 
operation="profile_load" name="/usr/lib/chromium-browser/chromium-browser" 
pid=977 comm="apparmor_parser"
[   11.118809] type=1400 audit(1371226193.542:9): apparmor="STATUS" 
operation="profile_load" 
name="/usr/lib/chromium-browser/chromium-browser//browser_java" pid=977 
comm="apparmor_parser"
[   11.122755] type=1400 audit(1371226193.546:10): apparmor="STATUS" 
operation="profile_load" 
name="/usr/lib/chromium-browser/chromium-browser//browser_openjdk" pid=977 
comm="apparmor_parser"
[   11.125756] type=1400 audit(1371226193.550:11): apparmor="STATUS" 
operation="profile_load" 
name="/usr/lib/chromium-browser/chromium-browser//chromium_browser_sandbox" 
pid=977 comm="apparmor_parser"
[   73.359498] type=1400 audit(1371226254.880:35): apparmor="DENIED" 
operation="open" parent=1 profile="/usr/lib/iceweasel/iceweasel" 
name="/usr/local/share/applications/mimeinfo.cache" pid=2063 comm="iceweasel" 
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[   85.206110] type=1400 audit(1371226266.724:36): apparmor="DENIED" 
operation="open" parent=1 profile="/usr/lib/iceweasel/iceweasel" 
name="/home/falcon/" pid=2111 comm="pool" requested_mask="r" denied_mask="r" 
fsuid=1000 ouid=1000
[  312.148854] type=1400 audit(1371226493.669:37): apparmor="DENIED" 
operation="open" parent=1 profile="/usr/lib/iceweasel/iceweasel" 
name="/home/falcon/.cache/dconf/user" pid=2063 comm="iceweasel" 
requested_mask="rwc" denied_mask="rwc" fsuid=1000 ouid=1000


Thanks.


-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 
'experimental')
Architecture: i386 (i686)

Kernel: Linux 3.9-1-686-pae (SMP w/2 CPU cores)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages apparmor depends on:
ii  debconf [debconf-2.0]  1.5.50
ii  dpkg                   1.16.10
ii  initramfs-tools        0.112
ii  libc6                  2.17-3
ii  lsb-base               4.1+Debian11
ii  python                 2.7.3-5

apparmor recommends no packages.

Versions of packages apparmor suggests:
ii  apparmor-docs      2.7.103-4
ii  apparmor-profiles  2.7.103-4
ii  apparmor-utils     2.7.103-4

-- debconf information excluded


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#712050: linux: Apparmor not working with kernels after wheezy

Reply via email to