On Wed, May 10, 2017 at 02:30:06AM -0700, John Johansen wrote:
> > [ 4713.703343] audit: type=1400 audit(1494266957.842:3148):
> > apparmor="DENIED" operation="capable" profile="/bin/netstat" pid=4267
> > comm="netstat" capability=19 capname="sys_ptrace"
> in your profile but it might be acceptable to do
>
>   allow ptrace read,
>
> or if you know the peers it should be limited to
>   allow ptrace read peer=some_peer_expr,
>
> using read will block the ptrace request to just reading info, and not
> allow the full ptrace which allows modifying a task.

Because this is netstat, you probably want the wide version:

  allow ptrace read,

because you want netstat to give you full details about your system.

Thanks
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
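
An added example, not part of the original message or of AppArmor's own tooling: a small Python parser for AppArmor audit records like the denial quoted above, counting denied capability checks per profile so the capability being requested is visible before a rule is chosen. The second log line and all function names are constructed for illustration.

```python
import re
from collections import Counter

# The denial quoted in the message above, joined onto one line (quote markers removed).
SAMPLE = ('[ 4713.703343] audit: type=1400 audit(1494266957.842:3148): '
          'apparmor="DENIED" operation="capable" profile="/bin/netstat" pid=4267 '
          'comm="netstat" capability=19 capname="sys_ptrace"')
# Constructed line (not from the thread): a non-denial record that must be ignored.
CONSTRUCTED = ('[ 4714.000001] audit: type=1400 audit(1494266958.100:3149): '
               'apparmor="ALLOWED" operation="open" profile="/bin/netstat" '
               'name="/proc/1/fd/" pid=4267 comm="netstat"')

_STAMP = re.compile(r'audit\((\d+\.\d+):(\d+)\)')   # audit(epoch:serial)
_FIELD = re.compile(r'(\w+)=("([^"]*)"|\S+)')       # key="quoted value" or key=bare


def parse_apparmor_event(line):
    """Return the fields of one AppArmor audit record as a dict, or None."""
    stamp = _STAMP.search(line)
    if stamp is None or 'apparmor=' not in line:
        return None
    event = {'epoch': float(stamp.group(1)), 'serial': int(stamp.group(2))}
    for key, raw, quoted in _FIELD.findall(line):
        # Quoted values keep embedded spaces; bare values are taken as-is.
        event[key] = quoted if raw.startswith('"') else raw
    return event


def capability_denials(lines):
    """Count DENIED capability checks per (profile, capname)."""
    counts = Counter()
    for line in lines:
        ev = parse_apparmor_event(line)
        if ev and ev.get('apparmor') == 'DENIED' and ev.get('operation') == 'capable':
            counts[(ev.get('profile'), ev.get('capname'))] += 1
    return counts


if __name__ == '__main__':
    for (profile, cap), n in capability_denials([SAMPLE, CONSTRUCTED]).items():
        print(f'{profile}: capability {cap} denied {n} time(s)')
```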
