[pkg-apparmor] Bug#973356: apparmor-profiles: complain on syslog-ng opening system.journal until re-enabling profile

Lorenzo Iannuzzi innakis at gmail.com
Thu Oct 29 11:43:08 GMT 2020


Package: apparmor-profiles
Version: 2.13.2-10
Severity: important

After installing apparmor-profiles and rebooting, I started receiving a lot of
these messages in the log:
localhost kernel: audit: type=1400 audit(1603955977.468:2281): apparmor="ALLOWED" operation="open" profile="syslog-ng//null-/bin/dash//null-/usr/sbin/sshguard//null-/bin/journalctl" name="/run/log/journal/ccca544565cf1834599ef913deceef00/system.journal" pid=6749 comm="journalctl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

I can see some rules in the profile that should permit access to that file:
  /{var,var/run,run}/log/journal/ r,
  /{var,var/run,run}/log/journal/*/ r,
  /{var,var/run,run}/log/journal/*/*.journal r,
and if I disable and enable the profile again (with aa-disable and
aa-complain), the log messages don't show anymore.
Why are those logs shown on boot, but disappear after I reload the syslog-ng
profile?



-- System Information:
Debian Release: 10.6
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates'), (50, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-12-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8), LANGUAGE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages apparmor-profiles depends on:
ii  apparmor  2.13.2-10

apparmor-profiles recommends no packages.

apparmor-profiles suggests no packages.

-- no debconf information