Jamie Strandboge <[EMAIL PROTECTED]> writes:

> Daniel, are you still seeing this on an up to date Hardy?

I am afraid so:

rc:0 ] dmesg |tail
[  115.412073] audit(1208335452.188:18): type=1503 operation="inode_permission" 
requested_mask="::r" denied_mask="::r" name="/etc/avahi/etc/localtime" pid=6548 
profile="/usr/sbin/avahi-daemon" namespace="default"
[  115.412708] audit(1208335452.188:19): type=1503 operation="inode_permission" 
requested_mask="::r" denied_mask="::r" name="/etc/avahi/etc/localtime" pid=6548 
profile="/usr/sbin/avahi-daemon" namespace="default"
[  115.424999] audit(1208335452.200:20): type=1503 operation="inode_permission" 
requested_mask="::r" denied_mask="::r" name="/etc/avahi/etc/localtime" pid=6548 
profile="/usr/sbin/avahi-daemon" namespace="default"
[  115.425349] audit(1208335452.200:21): type=1503 operation="inode_permission" 
requested_mask="::r" denied_mask="::r" name="/etc/avahi/etc/localtime" pid=6548 
profile="/usr/sbin/avahi-daemon" namespace="default"
[  116.689623] audit(1208335453.513:22): type=1503 operation="inode_permission" 
requested_mask="::r" denied_mask="::r" name="/etc/avahi/etc/localtime" pid=6548 
profile="/usr/sbin/avahi-daemon" namespace="default"
[  116.689774] audit(1208335453.513:23): type=1503 operation="inode_permission" 
requested_mask="::r" denied_mask="::r" name="/etc/avahi/etc/localtime" pid=6548 
profile="/usr/sbin/avahi-daemon" namespace="default"
[  116.713254] audit(1208335453.537:24): type=1503 operation="inode_permission" 
requested_mask="::r" denied_mask="::r" name="/etc/avahi/etc/localtime" pid=6548 
profile="/usr/sbin/avahi-daemon" namespace="default"
[  116.720967] audit(1208335453.545:25): type=1503 operation="inode_permission" 
requested_mask="::r" denied_mask="::r" name="/etc/avahi/etc/localtime" pid=6548 
profile="/usr/sbin/avahi-daemon" namespace="default"
[  116.733223] audit(1208335453.557:26): type=1503 operation="inode_permission" 
requested_mask="::r" denied_mask="::r" name="/etc/avahi/etc/localtime" pid=6548 
profile="/usr/sbin/avahi-daemon" namespace="default"
[  116.733394] audit(1208335453.557:27): type=1503 operation="inode_permission" 
requested_mask="::r" denied_mask="::r" name="/etc/avahi/etc/localtime" pid=6548 
profile="/usr/sbin/avahi-daemon" namespace="default"

> /etc/localtime is allowed in the profile, and some changes were made to
> klibc and the kernel for improper matches.

rc:0 ] apt-cache show apparmor-profiles | grep Version
Version: 2.1+1075-0ubuntu9

Also, please note that the file is */etc/avahi*/etc/localtime, not the
global file, which is permitted.

Nothing in the avahi profile seems to match; perhaps it needs added:

  /etc/avahi/etc/ r

(Though, that directory only contains the localtime file)

I believe this is used to chroot the avahi components nicely out of the
way of anything else in the name of security.

Regards,
        Daniel

-- 
audit(1205449995.508:13): operation="inode_permission" request_mask="::r" 
denied_mask="::r" name="/etc/avahi/etc/localtime" pid=6939 
profile="/usr/sbin/avahi-daemon" namespace="default"
https://bugs.launchpad.net/bugs/202026
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
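
Added example, not part of the original message or of AppArmor's own tooling: Python that rejoins the wrapped dmesg records shown above, collapses the repeated denials, and tests candidate rule paths against the denied name. The sample records are constructed in the same layout; the path matcher is a simplified subset of AppArmor globbing (literals, ?, *, **), and flattening the mask to its permission letters is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the wrapped dmesg layout of the message above.
SAMPLE = """\
[  115.412073] audit(1208335452.188:18): type=1503 operation="inode_permission" 
requested_mask="::r" denied_mask="::r" name="/etc/avahi/etc/localtime" pid=6548 
profile="/usr/sbin/avahi-daemon" namespace="default"
[  115.412708] audit(1208335452.188:19): type=1503 operation="inode_permission" 
requested_mask="::r" denied_mask="::r" name="/etc/avahi/etc/localtime" pid=6548 
profile="/usr/sbin/avahi-daemon" namespace="default"
"""

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="quoted" or key=bare

def parse_denials(text):
    """Rejoin mail-wrapped records; return one field dict per AppArmor denial."""
    joined = re.sub(r"\s*\n(?!\[)", " ", text)  # a new record starts with "[ time]"
    records = []
    for line in joined.splitlines():
        fields = {k: q or b for k, q, b in FIELD.findall(line)}
        if "denied_mask" in fields and "profile" in fields:
            records.append(fields)
    return records

def summarize(records):
    """Count distinct (profile, path, permissions) denials."""
    # Assumption: the colon-separated mask is flattened to its permission letters.
    return Counter((r["profile"], r["name"], r["denied_mask"].replace(":", ""))
                   for r in records)

def rule_covers(rule_path, path):
    """Simplified AppArmor path match: literals, ?, * (stops at '/'), ** (any)."""
    pattern, i = "", 0
    while i < len(rule_path):
        if rule_path.startswith("**", i):
            pattern, i = pattern + ".*", i + 2
        elif rule_path[i] in "*?":
            pattern, i = pattern + ("[^/]*" if rule_path[i] == "*" else "[^/]"), i + 1
        else:
            pattern, i = pattern + re.escape(rule_path[i]), i + 1
    return re.fullmatch(pattern, path) is not None

if __name__ == "__main__":
    for (profile, name, perms), n in summarize(parse_denials(SAMPLE)).items():
        print(f"{n}x {profile}: {name} ({perms})")
        for cand in ("/etc/localtime", "/etc/avahi/etc/", "/etc/avahi/etc/*"):
            print(f"  {cand} {perms}, -> covers: {rule_covers(cand, name)}")
```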
