[pkg-apparmor] Bug#900329: apparmor: denials for apt-cacher-ng

Ritesh Raj Sarraf rrs at debian.org
Tue May 29 07:35:10 BST 2018 

Package: apparmor
Version: 2.12-4
Severity: normal

[ 5093.351969] audit: type=1400 audit(1527574882.949:79): apparmor="DENIED" operation="open" profile="/usr/sbin/apt-cacher-ng" name="/var/cache/apt/archives/" pid=17428 comm="apt-cacher-ng" requested_mask="r" denied_mask="r" fsuid=128 ouid=0
[ 5207.599652] audit: type=1400 audit(1527574997.198:80): apparmor="DENIED" operation="open" profile="/usr/sbin/apt-cacher-ng" name="/var/cache/apt/archives/" pid=17428 comm="apt-cacher-ng" requested_mask="r" denied_mask="r" fsuid=128 ouid=0

I noticed these denial messages in my system logs. The
apparmor-profiles-extra package includes a profile for `apt-cacher-ng`.

......
  /{,var/}run/apt-cacher-ng/* rw,
  @{APT_CACHE_DIR}/ r,
  @{APT_CACHE_DIR}/** rw,
  /var/log/apt-cacher-ng/ r,
......

The policy looks fine to me here above.


The only additional chagne I have is about cache imports, which stays
in "_import", which is again a symlink to the apt cache direcotry:

total 56K
drwxr-sr-x 3 apt-cacher-ng apt-cacher-ng 4.0K Jan 28 18:52 172.16.20.1/
drwxr-sr-x 2 apt-cacher-ng apt-cacher-ng 4.0K May 29 12:07 _actmp/
drwxr-sr-x 4 apt-cacher-ng apt-cacher-ng 4.0K Jan 28 17:57 debrep/
drwxr-sr-x 3 apt-cacher-ng apt-cacher-ng 4.0K Jan 28 17:45 debug.mirrors.debian.org/
drwxr-sr-x 3 apt-cacher-ng apt-cacher-ng 4.0K Mar 14 11:11 dl.google.com/
-rw-r--r-- 1 apt-cacher-ng apt-cacher-ng   11 Apr  3 08:56 _exfail_cnt
-rw-r--r-- 1 apt-cacher-ng apt-cacher-ng    0 Apr  3 08:56 _expending_damaged
drwxr-sr-x 3 apt-cacher-ng apt-cacher-ng 4.0K Feb 10 23:31 ftp.ports.debian.org/
-rw-r--r-- 1 apt-cacher-ng apt-cacher-ng  356 May 29 12:08 _impkeycache
lrwxrwxrwx 1 root          apt-cacher-ng   24 Jan 28 18:18 _import -> /var/cache/apt/archives//
drwxr-sr-x 3 apt-cacher-ng apt-cacher-ng 4.0K Feb 20 18:28 metadata.ftp-master.debian.org/
drwxr-sr-x 2 apt-cacher-ng apt-cacher-ng 4.0K Jan 28 18:59 mirrors.ubuntu.com/
drwxr-sr-x 4 apt-cacher-ng apt-cacher-ng 4.0K Feb 20 10:31 security.debian.org/
drwxr-sr-x 3 apt-cacher-ng apt-cacher-ng 4.0K Feb 10 23:31 snapshot.debian.org/
drwxr-sr-x 3 apt-cacher-ng apt-cacher-ng 4.0K Jan 28 19:21 sysbridge/
drwxr-sr-x 4 apt-cacher-ng apt-cacher-ng 4.0K Jan 28 17:30 _xstore/
12:17 ♒♒♒   ☺ 😄    


-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (900, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'unstable'), (100, 'experimental'), (1, 'experimental-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.16.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IN, LC_CTYPE=en_IN (charmap=UTF-8), LANGUAGE=en_IN:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages apparmor depends on:
ii  cdebconf [debconf-2.0]  0.243
ii  debconf [debconf-2.0]   1.5.66
ii  libc6                   2.27-3
ii  lsb-base                9.20170808
ii  python3                 3.6.5-3

apparmor recommends no packages.

Versions of packages apparmor suggests:
ii  apparmor-profiles-extra  1.19
ii  apparmor-utils           2.12-4

-- debconf information:
* apparmor/homedirs: /media/SSHD/rrs-home/

More information about the pkg-apparmor-team mailing list