AppArmor

  1. Bug #1528778
  2. Comment #2

Comment 2 for bug 1528778

Revision history for this message
Christian Boltz (cboltz) wrote : Re: aa-logprof ignores denied messages

That's no a bug, it's a missing feature ;-) - aa-logprof doesn't have support for unix rules/events yet, so you'll need to allow this by manually adding rules.

Nevertheless, thanks for the log - having some example log lines is always helpful.

Dec 21 09:49:19 th1nkp4d kernel: [ 1807.331151] audit: type=1400 audit(1450687759.549:3582): apparmor="ALLOWED" operation="connect" profile="/usr/sbin/cupsd" pid=6049 comm="cupsd" family="unix" sock_type="stream" protocol=0 requested_mask="send receive connect" denied_mask="send connect" addr=none peer_addr="@2F746D702F65736574732E736F636B0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" peer="unconfined"

BTW: peer_addr decodes to

# aa-decode 2F746D702F65736574732E736F636B
Decoded: /tmp/esets.sock

(I wonder if the tons of 0000000 are intentional - John, can you clarify this, please?)