Bug#732198: libapache2-mod-apparmor: Apache Apparmor without any hats configured logs profile violations

Sun, 15 Dec 2013 07:27:37 -0800 

Package: libapache2-mod-apparmor
Version: 2.7.103-4
Severity: important

Dear Maintainer,

I just installed the libapache2-mod-apparmor package, put the bundled Apache 2 
prefork policy in complain mode, enabled the apparmor Apache module and 
restarted Apache. In my understanding so far everything should work as before 
as I didn't add any configuration to further restrict any web applications and 
the Apache profile itself is totally permissive. Yet, a number of policy 
violations are logged (see below).

Best regards,
    David

Dec 15 11:55:16 jeff kernel: [53487.620837] type=1400 
audit(1387104916.351:91413): apparmor="ALLOWED" operation="change_hat" 
parent=19692 profile="/usr/lib/apache2/mpm-prefork/apache2" pid=19726 
comm="apache2" target="/usr/lib/apache2/mpm-prefork/apache2///"
Dec 15 11:55:16 jeff kernel: [53487.620880] type=1400 
audit(1387104916.351:91414): apparmor="ALLOWED" operation="open" parent=19692 
profile="/usr/lib/apache2/mpm-prefork/apache2//null-2e8" 
name="/proc/19726/attr/current" pid=19726 comm="apache2" requested_mask="w" 
denied_mask="w" fsuid=33 ouid=0
Dec 15 11:55:23 jeff kernel: [53495.087977] type=1400 
audit(1387104923.818:91417): apparmor="ALLOWED" operation="change_hat" 
parent=19692 profile="/usr/lib/apache2/mpm-prefork/apache2" pid=19821 
comm="apache2" target="/usr/lib/apache2/mpm-prefork/apache2///"
Dec 15 11:55:23 jeff kernel: [53495.088046] type=1400 
audit(1387104923.818:91418): apparmor="ALLOWED" operation="open" parent=19692 
profile="/usr/lib/apache2/mpm-prefork/apache2//null-2e9" 
name="/proc/19821/attr/current" pid=19821 comm="apache2" requested_mask="w" 
denied_mask="w" fsuid=33 ouid=0
Dec 15 11:55:26 jeff kernel: [53497.341219] type=1400 
audit(1387104926.069:91419): apparmor="ALLOWED" operation="change_hat" 
parent=19692 profile="/usr/lib/apache2/mpm-prefork/apache2" pid=19823 
comm="apache2" target="/usr/lib/apache2/mpm-prefork/apache2///"
Dec 15 11:55:26 jeff kernel: [53497.341261] type=1400 
audit(1387104926.069:91420): apparmor="ALLOWED" operation="open" parent=19692 
profile="/usr/lib/apache2/mpm-prefork/apache2//null-2ea" 
name="/proc/19823/attr/current" pid=19823 comm="apache2" requested_mask="w" 
denied_mask="w" fsuid=33 ouid=0
Dec 15 11:55:37 jeff kernel: [53508.469435] type=1400 
audit(1387104937.200:91421): apparmor="ALLOWED" operation="change_hat" 
parent=19692 profile="/usr/lib/apache2/mpm-prefork/apache2" pid=20197 
comm="apache2" target="/usr/lib/apache2/mpm-prefork/apache2///"
Dec 15 11:55:37 jeff kernel: [53508.469478] type=1400 
audit(1387104937.200:91422): apparmor="ALLOWED" operation="open" parent=19692 
profile="/usr/lib/apache2/mpm-prefork/apache2//null-2eb" 
name="/proc/20197/attr/current" pid=20197 comm="apache2" requested_mask="w" 
denied_mask="w" fsuid=33 ouid=0


-- System Information:
Debian Release: 7.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-4-686-pae (SMP w/3 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libapache2-mod-apparmor depends on:
ii  apache2.2-common  2.2.22-13
ii  libapparmor1      2.7.103-4
ii  libc6             2.13-38

libapache2-mod-apparmor recommends no packages.

libapache2-mod-apparmor suggests no packages.

-- Configuration Files:
/etc/apparmor.d/local/usr.lib.apache2.mpm-prefork.apache2 changed:
capability chown,


-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to