btw this is on Ubuntu 16.04. apparmor 2.10.95-0ubuntu2
On Wed, Apr 27, 2016 at 2:57 PM, Me Self <[email protected]> wrote: > > After profiling pidgin with aa-genprof it wont start up. > > So I did aa-compain on pidgin, started pidgin and then ran aa-logprof. > > aa-logprof didnt find anything new. > > Inspecting the kern.log myself while starting pidgin in complain mode I > only find two DENIEDs: > > Apr 27 14:39:41 boat kernel: [90301.537887] audit: type=1400 > audit(1461760781.869:1955): apparmor="DENIED" operation="connect" > profile="/usr/bin/pidgin" pid=24003 comm="pidgin" family="unix" > sock_type="stream" protocol=0 requested_mask="send receive connect" > denied_mask="send connect" addr=none peer_addr="@/tmp/.X11-unix/X0" > peer="unconfined" > > Apr 27 14:40:22 boat kernel: [90342.547209] audit: type=1400 > audit(1461760822.878:1956): apparmor="DENIED" operation="connect" > profile="/usr/bin/pidgin" pid=24013 comm="pidgin" family="unix" > sock_type="stream" protocol=0 requested_mask="send receive connect" > denied_mask="send connect" addr=none peer_addr="@/tmp/.X11-unix/X0" > peer="unconfined" > > Could these be blocking the app in enforce mode? and why isnt aa-logprof > picking it up? > > The profile looks like this: > > # Last Modified: Wed Apr 27 14:38:00 2016 > #include <tunables/global> > > /usr/bin/pidgin flags=(complain) { > #include <abstractions/base> > > network inet dgram, > network inet stream, > network inet6 dgram, > network netlink raw, > > ptrace trace peer=unconfined, > > /dev/ r, > /dev/shm/ r, > /dev/shm/* rw, > /etc/fonts/** r, > /etc/gai.conf r, > /etc/gnome/defaults.list r, > /etc/host.conf r, > /etc/hosts r, > /etc/machine-id r, > /etc/nsswitch.conf r, > /etc/passwd r, > /etc/pulse/client.conf r, > /home/*/.Xauthority r, > /home/*/.cache/gstreamer-1.0/registry.x86_64.bin r, > /home/*/.config/dconf/user r, > /home/*/.config/enchant/ r, > /home/*/.config/enchant/* rw, > /home/*/.config/ibus/** r, > /home/*/.config/ibus/bus/ w, > /home/*/.local/share/applications/ r, > /home/*/.local/share/icons/ r, > /home/*/.purple/* rw, > /home/*/.purple/certificates/x509/** rw, > /home/*/.purple/logs/irc/** w, > /home/*/.purple/plugins/ r, > /home/*/.purple/smileys/ r, > /proc/*/status r, > /run/dbus/system_bus_socket r, > /run/resolvconf/resolv.conf r, > /run/user/1000/* rw, > /run/user/1000/dconf/user rw, > /sys/devices/system/cpu/ r, > /sys/devices/system/node/ r, > /sys/devices/system/node/node0/meminfo r, > /tmp/ r, > /usr/bin/pidgin mr, > /usr/local/share/fonts/ r, > /usr/share/applications/ r, > /usr/share/applications/mimeinfo.cache r, > /usr/share/applications/pidgin.desktop r, > /usr/share/enchant/enchant.ordering r, > /usr/share/fontconfig/** r, > /usr/share/fonts/ r, > /usr/share/fonts/** r, > /usr/share/glib-2.0/schemas/gschemas.compiled r, > /usr/share/gnome/applications/ r, > /usr/share/hunspell/* r, > /usr/share/icons/ r, > /usr/share/icons/** r, > /usr/share/mime/mime.cache r, > /usr/share/pixmaps/ r, > /usr/share/pixmaps/pidgin/** r, > /usr/share/poppler/**/ r, > /usr/share/sounds/purple/* r, > /usr/share/themes/ r, > /usr/share/themes/** r, > /usr/share/ubuntu/applications/ r, > /var/cache/fontconfig/* r, > /var/tmp/ r, > > } > > >
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
