pyllyukko edited this page Mar 16, 2020 · 8 revisions

Problematic AppArmor profiles.

dhclient

There are some issues in enforce mode:

Sep 10 22:24:34 debian8 dhclient: can't create /var/lib/NetworkManager/dhclient-8cba46aa-5e5c-43c6-8234-1936f411ed9a-eth0.lease: Permission denied
Sep 10 22:24:34 debian8 dhclient: execve (/usr/lib/NetworkManager/nm-dhcp-helper, ...): Permission denied
Sep 10 22:24:34 debian8 dhclient: Open a socket for LPF: Operation not permitted
Sep 10 22:24:34 debian8 dhclient: 
Sep 10 22:24:34 debian8 dhclient: If you think you have received this message due to a bug rather
Sep 10 22:24:34 debian8 dhclient: than a configuration issue please read the section on submitting
Sep 10 22:24:34 debian8 dhclient: bugs on either our web page at www.isc.org or in the README file
Sep 10 22:24:34 debian8 dhclient: before submitting a bug.  These pages explain the proper
Sep 10 22:24:34 debian8 dhclient: process and the information we find helpful for debugging..
Sep 10 22:24:34 debian8 dhclient: 
Sep 10 22:24:34 debian8 dhclient: exiting.

Switch back to complain: aa-complain /etc/apparmor.d/sbin.dhclient

16.3.2020: Still applies with Debian 10.

sshd

Problems ahead:

Sep 10 22:27:43 debian8 sshd[2439]: Did not receive identification string from XXX.YYY.ZZ.X
Sep 10 22:27:43 debian8 sshd[2440]: PAM audit_log_acct_message() failed: Operation not permitted
Sep 10 22:27:43 debian8 sshd[2440]: fatal: Access denied for user XYZ by PAM account configuration [preauth]

Complain: aa-complain /etc/apparmor.d/usr.sbin.sshd

man

man: can't open the manpath configuration file /etc/manpath.config

Complain: aa-complain /etc/apparmor.d/usr.bin.man

16.3.2020: Still applies with Debian 10.

logrotate

type=AVC msg=audit(1473578605.051:569): apparmor="DENIED" operation="file_lock" profile="/etc/cron.daily/logrotate" name="/etc/logrotate.conf" pid=1984 comm="logrotate" requested_mask="k" denied_mask="k" fsuid=0 ouid=0
type=AVC msg=audit(1473578605.051:570): apparmor="DENIED" operation="open" profile="/etc/cron.daily/logrotate" name="/etc/logrotate.d/" pid=1984 comm="logrotate" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

netstat

audit[21572]: AVC apparmor="DENIED" operation="open" profile="netstat" name="/proc/21572/net/udplite6" pid=21572 comm="netstat" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
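The logrotate and netstat entries above are standard AppArmor AVC denial records, and the fix in each case is a profile rule built from the `name` and `denied_mask` fields (plus `@{PROC}/@{pid}` in place of the literal `/proc/<pid>/` path for netstat, since the denied file lives under the process's own PID). The following script is an added example, not part of this wiki or of aa-logprof: it parses such records and prints candidate rules for review. The three file records are copied from this page; the capability record for dhclient is constructed for illustration and assumes the usual `operation="capable"` / `capname=` field layout of capability denials.

```python
import re

# Sample input. The first three lines are the logrotate and netstat records
# from this page; the last one is a CONSTRUCTED capability denial in the
# shape AppArmor uses for "capable" checks (assumption, not from the page).
SAMPLE_DENIALS = [
    'type=AVC msg=audit(1473578605.051:569): apparmor="DENIED" operation="file_lock" profile="/etc/cron.daily/logrotate" name="/etc/logrotate.conf" pid=1984 comm="logrotate" requested_mask="k" denied_mask="k" fsuid=0 ouid=0',
    'type=AVC msg=audit(1473578605.051:570): apparmor="DENIED" operation="open" profile="/etc/cron.daily/logrotate" name="/etc/logrotate.d/" pid=1984 comm="logrotate" requested_mask="r" denied_mask="r" fsuid=0 ouid=0',
    'audit[21572]: AVC apparmor="DENIED" operation="open" profile="netstat" name="/proc/21572/net/udplite6" pid=21572 comm="netstat" requested_mask="r" denied_mask="r" fsuid=0 ouid=0',
    'audit[4120]: AVC apparmor="DENIED" operation="capable" profile="/sbin/dhclient" pid=4120 comm="dhclient" capability=13  capname="net_raw"',
]

# key=value pairs; values are either double-quoted or a bare token
KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_avc(line):
    """Return the key=value fields of an AppArmor DENIED record as a dict, else None."""
    if 'apparmor="DENIED"' not in line:
        return None
    fields = {}
    for m in KV_RE.finditer(line):
        fields[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(4)
    return fields


def generalize_path(name, pid):
    """Rewrite /proc/<own pid>/... as @{PROC}/@{pid}/... so the rule is not tied to one PID."""
    own = "/proc/%s/" % pid
    if pid and name.startswith(own):
        return "@{PROC}/@{pid}/" + name[len(own):]
    return name


def suggest_rule(fields):
    """Map one parsed denial to a candidate profile rule, or None if it is not a file/capability denial."""
    if not fields or fields.get("apparmor") != "DENIED":
        return None
    if fields.get("operation") == "capable" and fields.get("capname"):
        return "capability %s," % fields["capname"]
    name, mask = fields.get("name"), fields.get("denied_mask")
    if not name or not mask:
        return None
    if "x" in mask:
        # exec rules need an explicit transition mode (ix/Px/Ux); leave that choice to a human
        return "# %s needs an exec rule (mask %s); pick ix/Px/Ux by hand" % (name, mask)
    return "%s %s," % (generalize_path(name, fields.get("pid", "")), mask)


def suggest_rules(lines):
    """Group candidate rules by profile name, deduplicated and sorted for stable review."""
    out = {}
    for line in lines:
        fields = parse_avc(line)
        rule = suggest_rule(fields)
        if rule:
            out.setdefault(fields["profile"], set()).add(rule)
    return {profile: sorted(rules) for profile, rules in out.items()}


if __name__ == "__main__":
    # Prints one block per profile; paste the rules into the profile, then reload it
    for profile, rules in suggest_rules(SAMPLE_DENIALS).items():
        print("# " + profile)
        for rule in rules:
            print("  " + rule)
```

The output is a starting point for review, not something to apply blindly: a denied path may deserve a narrower or broader glob than the literal name, and a denial on a lock (`k`) or directory read (`r`) only tells you what the program touched, not whether the profile should allow it. Run it against the lines from `journalctl` or `/var/log/audit/audit.log` for the profile in question.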