[pkg-apparmor] Bug#962838: Apparmor profile for syslog-ng assumes trivial config
Elliott Mitchell
ehem+debian at m5p.com
Sun Jun 14 23:26:21 BST 2020
Package: apparmor-profiles
Version: 2.13.2-10
I've added the option "use_dns(yes);" and am allowing messages from the
local network. With this small configuration adjustment in place, I see
the kernel log getting severely spammed by AppArmor:
[######.######] audit: type=1400 audit(####################): apparmor="ALLOWED" operation="open" profile="syslog-ng" name="/proc/<misc-pid>/cmdline" pid=<syslog-ng-pid> comm="syslog-ng" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[######.######] audit: type=1400 audit(####################): apparmor="ALLOWED" operation="open" profile="syslog-ng" name="/proc/<misc-pid>/loginuid" pid=<syslog-ng-pid> comm="syslog-ng" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[######.######] audit: type=1400 audit(####################): apparmor="ALLOWED" operation="open" profile="syslog-ng" name="/proc/<misc-pid>/sessionid" pid=<syslog-ng-pid> comm="syslog-ng" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
I'm cautiously optimistic this is due to the AppArmor profile for
syslog-ng being incomplete and not someone having broken into this
machine and done something to syslog-ng.
--
(\___(\___(\______ --=> 8-) EHM <=-- ______/)___/)___/)
\BS ( | ehem+sigmsg at m5p.com PGP 87145445 | ) /
\_CS\ | _____ -O #include <stddisclaimer.h> O- _____ | / _/
8A19\___\_|_/58D2 7E3D DDF4 7BA6 <-PGP-> 41D1 B375 37D0 8714\_|_/___/5445
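
Added example, not part of the original message or of the apparmor-profiles package: a small Python script that groups audit records like the ones quoted above by profile, verdict and generalized path, and lists candidate profile lines for review. The sample records are constructed (made-up timestamps and PIDs), and rewriting /proc/<pid>/ to @{PROC}/@{pid}/ assumes the profile includes AppArmor's standard tunables.

```python
import re
from collections import Counter

# Constructed sample: same record shape as in the report, with made-up
# timestamps and PIDs in place of the redacted ones.
SAMPLE = """\
[  101.000001] audit: type=1400 audit(1592173581.001:11): apparmor="ALLOWED" operation="open" profile="syslog-ng" name="/proc/412/cmdline" pid=733 comm="syslog-ng" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[  101.000002] audit: type=1400 audit(1592173581.001:12): apparmor="ALLOWED" operation="open" profile="syslog-ng" name="/proc/412/loginuid" pid=733 comm="syslog-ng" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[  101.000003] audit: type=1400 audit(1592173581.001:13): apparmor="ALLOWED" operation="open" profile="syslog-ng" name="/proc/412/sessionid" pid=733 comm="syslog-ng" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[  104.500000] audit: type=1400 audit(1592173584.500:14): apparmor="ALLOWED" operation="open" profile="syslog-ng" name="/proc/977/cmdline" pid=733 comm="syslog-ng" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[  105.000000] usb 1-1: new high-speed USB device number 2 using xhci_hcd
"""

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
PROC_PID = re.compile(r"^/proc/\d+/")

def parse(line):
    """Return the key=value fields of one AppArmor audit record, else None."""
    if 'apparmor="' not in line:
        return None
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD.finditer(line)}

def summarize(text):
    """Count events per (profile, verdict, generalized path, mask)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse(line)
        if rec is None or "name" not in rec:
            continue
        # Collapse per-process paths so /proc/412/... and /proc/977/... group.
        path = PROC_PID.sub("@{PROC}/@{pid}/", rec["name"])
        key = (rec.get("profile", ""), rec["apparmor"], path, rec.get("denied_mask", ""))
        counts[key] += 1
    return counts

def candidate_rules(counts, profile):
    """Candidate profile lines for human review, not an automatic fix."""
    return sorted({f"{path} {mask}," for (prof, _, path, mask) in counts if prof == profile})

if __name__ == "__main__":
    totals = summarize(SAMPLE)
    for key, n in sorted(totals.items()):
        print(n, *key)
    print("\n".join(candidate_rules(totals, "syslog-ng")))
```

A verdict of "ALLOWED" means the profile is in complain mode, so the access was logged but not blocked; whether each listed path belongs in the profile is a decision for whoever reviews it.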