[Kernel-packages] [Bug 1425398] Re: Apparmor uses rsyslogd profile for different processes - utopic HWE

Pavel Malyshev Thu, 26 Feb 2015 00:45:57 -0800

John,

I'm using Ubuntu Trusty with Utopic HWE, so my apparmor is from Trusty.
I didn't install anything from backports or Utopic by hand to not mess package 
system and LTS state of distribution.
But somehow the system does not behave like trusty.


Note that I've updated this system from 12.04 w/ Trusty HWE to 14.04
with do-release-upgrade few months ago.


$ LANG=C apt-cache policy apparmor apparmor-profiles apparmor-utils
apparmor:
  Installed: 2.8.95~2430-0ubuntu5.1
  Candidate: 2.8.95~2430-0ubuntu5.1
  Version table:
 *** 2.8.95~2430-0ubuntu5.1 0
        500 http://ru.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 
Packages
        500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 
Packages
        100 /var/lib/dpkg/status
     2.8.95~2430-0ubuntu5 0
        500 http://ru.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
apparmor-profiles:
  Installed: 2.8.95~2430-0ubuntu5.1
  Candidate: 2.8.95~2430-0ubuntu5.1
  Version table:
 *** 2.8.95~2430-0ubuntu5.1 0
        500 http://ru.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 
Packages
        500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 
Packages
        100 /var/lib/dpkg/status
     2.8.95~2430-0ubuntu5 0
        500 http://ru.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
apparmor-utils:
  Installed: 2.8.95~2430-0ubuntu5.1
  Candidate: 2.8.95~2430-0ubuntu5.1
  Version table:
 *** 2.8.95~2430-0ubuntu5.1 0
        500 http://ru.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 
Packages
        500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 
Packages
        100 /var/lib/dpkg/status
     2.8.95~2430-0ubuntu5 0
        500 http://ru.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-lts-utopic in Ubuntu.
https://bugs.launchpad.net/bugs/1425398

Title:
  Apparmor uses rsyslogd profile for different processes - utopic HWE

Status in apparmor package in Ubuntu:
  New
Status in linux-lts-utopic package in Ubuntu:
  New

Bug description:
  Hi.

  I've noticed that apparmor loads /usr/sbin/rsyslogd profile for
  completely unrelated processes:

  Feb 25 08:36:19 emma kernel: [  134.796218] audit: type=1400 
audit(1424842579.429:245): apparmor="DENIED" operation="sendmsg" 
profile="/usr/sbin/rsyslogd" name="/dev/log" pid=4002 comm="sshd" 
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  Feb 25 08:36:23 emma kernel: [  139.330989] audit: type=1400 
audit(1424842583.965:246): apparmor="DENIED" operation="sendmsg" 
profile="/usr/sbin/rsyslogd" name="/dev/log" pid=4080 comm="sudo" 
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  Feb 25 08:35:42 emma kernel: [   97.912402] audit: type=1400 
audit(1424842542.565:241): apparmor="DENIED" operation="sendmsg" 
profile="/usr/sbin/rsyslogd" name="/dev/log" pid=2436 comm="whoopsie" 
requested_mask="r" denied_mask="r" fsuid=103 ouid=0
  Feb 25 08:34:43 emma kernel: [   38.867998] audit: type=1400 
audit(1424842483.546:226): apparmor="DENIED" operation="sendmsg" 
profile="/usr/sbin/rsyslogd" name="/dev/log" pid=3762 comm="ntpd" 
requested_mask="r" denied_mask="r" fsuid=0 ouid=0

  
  I'm not sure how apparmor decides which profile to use for which task, but is 
shouldn't load '/usr/sbin/rsyslogd' profile for sshd/ntpd/etc.

  
  I'm running:
  # lsb_release -rd
  Description:  Ubuntu 14.04.2 LTS
  Release:      14.04

  # dpkg -l | grep apparmor
  ii  apparmor                            2.8.95~2430-0ubuntu5.1               
amd64        User-space parser utility for AppArmor
  ii  apparmor-profiles                   2.8.95~2430-0ubuntu5.1               
all          Profiles for AppArmor Security policies
  ii  apparmor-utils                      2.8.95~2430-0ubuntu5.1               
amd64        Utilities for controlling AppArmor
  ii  libapparmor-perl                    2.8.95~2430-0ubuntu5.1               
amd64        AppArmor library Perl bindings
  ii  libapparmor1:amd64                  2.8.95~2430-0ubuntu5.1               
amd64        changehat AppArmor library
  ii  python3-apparmor                    2.8.95~2430-0ubuntu5.1               
amd64        AppArmor Python3 utility library
  ii  python3-libapparmor                 2.8.95~2430-0ubuntu5.1               
amd64        AppArmor library Python3 bindings

  # uname -a
  Linux emma 3.16.0-31-generic #41~14.04.1-Ubuntu SMP Wed Feb 11 19:30:13 UTC 
2015 x86_64 x86_64 x86_64 GNU/Linux

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1425398/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1425398] Re: Apparmor uses rsyslogd profile for different processes - utopic HWE

Reply via email to