Public bug reported:
The fusermount3 profile is triggering AppArmor denials when attempting
to use specific kernel capabilities (dac_override and setuid). This
likely prevents users from mounting or unmounting FUSE filesystems.
kernel: linux-aws
release: 26.04
'May 20 13:46:59 ip-10-0-0-98 kernel: audit: type=1400
audit(1779284819.555:259): apparmor="DENIED" operation="capable" class="cap"
profile="fusermount3" pid=7252 comm="fusermount3" capability=1
capname="dac_override"',
'May 20 13:46:59 ip-10-0-0-98 kernel: audit: type=1400
audit(1779284819.555:260): apparmor="DENIED" operation="capable" class="cap"
profile="fusermount3" pid=7252 comm="fusermount3" capability=7
capname="setuid"',
'May 20 13:46:59 ip-10-0-0-98 kernel: audit: type=1400
audit(1779284819.556:261): apparmor="DENIED" operation="capable" class="cap"
profile="fusermount3" pid=7253 comm="fusermount3" capability=7
capname="setuid"',
'May 20 13:47:33 ip-10-0-0-98 kernel: audit: type=1400
audit(1779284853.147:280): apparmor="DENIED" operation="capable" class="cap"
profile="fusermount3" pid=9275 comm="fusermount3" capability=1
capname="dac_override"',
'May 20 13:47:33 ip-10-0-0-98 kernel: audit: type=1400
audit(1779284853.147:281): apparmor="DENIED" operation="capable" class="cap"
profile="fusermount3" pid=9275 comm="fusermount3" capability=7
capname="setuid"',
'May 20 13:47:33 ip-10-0-0-98 kernel: audit: type=1400
audit(1779284853.164:282): apparmor="DENIED" operation="capable" class="cap"
profile="fusermount3" pid=9276 comm="fusermount3" capability=7
capname="setuid"',
** Affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2153802
Title:
fusermount3 apparmor denied logs
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2153802/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
