Public bug reported: - AppArmor 2.7.2 on openSUSE 12.1 - httpd2-prefork profile in complain mode - using mod_apparmor with one hat per vhost (specified with AADefaultHatName)
mod_apparmor doesn't print/log any error message if the hat specified with AADefaultHatName does not exist. Instead, I get tons of audit.log entries for the DEFAULT_URI hat, for example type=AVC msg=audit(1333446842.790:303110): apparmor="ALLOWED" operation="file_perm" parent=13357 profile="/usr/sbin/httpd2-prefork//DEFAULT_URI" name="/home/www/example.com/statistics/logs/access_log" pid=21888 comm="httpd2-prefork" requested_mask="w" denied_mask="w" fsuid=30 ouid=0 Expected behaviour: Write some error message to audit.log or the apache error log if the hat specified in AADefaultHatName does not exist. It would be even better if an audit.log entry would be written so that logprof can propose to create the missing hat. ** Affects: apparmor Importance: Undecided Status: New -- You received this bug notification because you are a member of AppArmor Developers, which is the registrant for AppArmor. https://bugs.launchpad.net/bugs/974616 Title: mod_apparmor: no error message when requesting non-existing hat Status in AppArmor Linux application security framework: New Bug description: - AppArmor 2.7.2 on openSUSE 12.1 - httpd2-prefork profile in complain mode - using mod_apparmor with one hat per vhost (specified with AADefaultHatName) mod_apparmor doesn't print/log any error message if the hat specified with AADefaultHatName does not exist. Instead, I get tons of audit.log entries for the DEFAULT_URI hat, for example type=AVC msg=audit(1333446842.790:303110): apparmor="ALLOWED" operation="file_perm" parent=13357 profile="/usr/sbin/httpd2-prefork//DEFAULT_URI" name="/home/www/example.com/statistics/logs/access_log" pid=21888 comm="httpd2-prefork" requested_mask="w" denied_mask="w" fsuid=30 ouid=0 Expected behaviour: Write some error message to audit.log or the apache error log if the hat specified in AADefaultHatName does not exist. It would be even better if an audit.log entry would be written so that logprof can propose to create the missing hat. To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/974616/+subscriptions -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor