Vincas Dargis has proposed merging lp:~talkless/apparmor/apparmor into
lp:apparmor.
Requested reviews:
AppArmor Developers (apparmor-dev)
For more details, see:
https://code.launchpad.net/~talkless/apparmor/apparmor/+merge/333003
When testing Apache confinement using the provided phpsysinfo example, I
discovered multiple denials, which are fixed in this MR.
Denies in question:
type=AVC msg=audit(1509385448.853:379): apparmor="DENIED" operation="open"
profile="/usr/sbin/apache2//phpsysinfo" name="/etc/phpsysinfo/phpsysinfo.ini"
pid=16743 comm="apache2" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509385448.853:379): arch=c000003e syscall=2 success=no
exit=-13 a0=7ffc3ad88850 a1=0 a2=1b6 a3=7ffc3ad85620 items=0 ppid=16742
pid=16743 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33
sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apache2"
exe="/usr/sbin/apache2" key=(null)
type=PROCTITLE msg=audit(1509385448.853:379):
proctitle=2F7573722F7362696E2F61706163686532002D6B007374617274
type=AVC msg=audit(1509385448.857:380): apparmor="DENIED" operation="open"
profile="/usr/sbin/apache2//phpsysinfo" name="/etc/default/locale" pid=16743
comm="apache2" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509385448.857:380): arch=c000003e syscall=2 success=no
exit=-13 a0=7ffc3ad88a70 a1=0 a2=1b6 a3=7ffc3ad86990 items=0 ppid=16742
pid=16743 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33
sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apache2"
exe="/usr/sbin/apache2" key=(null)
type=PROCTITLE msg=audit(1509385448.857:380):
proctitle=2F7573722F7362696E2F61706163686532002D6B007374617274
type=AVC msg=audit(1509385827.445:495): apparmor="DENIED" operation="open"
profile="/usr/sbin/apache2//phpsysinfo" name="/proc/" pid=17493 comm="apache2"
requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509385827.445:495): arch=c000003e syscall=2 success=no
exit=-13 a0=7ffd393fd760 a1=90800 a2=2a a3=1 items=0 ppid=17415 pid=17493
auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33
tty=(none) ses=4294967295 comm="apache2" exe="/usr/sbin/apache2" key=(null)
type=PROCTITLE msg=audit(1509385827.445:495):
proctitle=2F7573722F7362696E2F61706163686532002D6B007374617274
type=AVC msg=audit(1509385986.481:564): apparmor="DENIED" operation="open"
profile="/usr/sbin/apache2//phpsysinfo" name="/run/udev/data/+usb:1-1:1.0"
pid=17753 comm="lsusb" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509385986.481:564): arch=c000003e syscall=2 success=no
exit=-13 a0=7ffc7e58dc30 a1=80000 a2=1b6 a3=80000 items=0 ppid=17752 pid=17753
auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33
tty=(none) ses=4294967295 comm="lsusb" exe="/usr/bin/lsusb" key=(null)
type=AVC msg=audit(1509385986.481:565): apparmor="DENIED" operation="open"
profile="/usr/sbin/apache2//phpsysinfo" name="/sys/bus/i2c/devices/" pid=17496
comm="apache2" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509385986.481:565): arch=c000003e syscall=2 success=no
exit=-13 a0=7ffd393fd740 a1=90800 a2=2a a3=1 items=0 ppid=17415 pid=17496
auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33
tty=(none) ses=4294967295 comm="apache2" exe="/usr/sbin/apache2" key=(null)
type=PROCTITLE msg=audit(1509385986.481:565):
proctitle=2F7573722F7362696E2F61706163686532002D6B007374617274
type=AVC msg=audit(1509385986.485:566): apparmor="DENIED" operation="exec"
profile="/usr/sbin/apache2//phpsysinfo" name="/bin/ip" pid=17756 comm="sh"
requested_mask="x" denied_mask="x" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509385986.485:566): arch=c000003e syscall=59 success=no
exit=-13 a0=555e361b0b70 a1=555e361b0be0 a2=555e361b0c08 a3=7ff184b249d0
items=0 ppid=17755 pid=17756 auid=4294967295 uid=33 gid=33 euid=33 suid=33
fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="sh"
exe="/bin/dash" key=(null)
type=AVC msg=audit(1509386439.525:751): apparmor="DENIED" operation="exec"
profile="/usr/sbin/apache2//phpsysinfo" name="/usr/bin/locale" pid=18519
comm="sh" requested_mask="x" denied_mask="x" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509386439.525:751): arch=c000003e syscall=59 success=no
exit=-13 a0=55d60477b440 a1=55d6039e7c30 a2=55d60477b3d8 a3=55d60477b130
items=0 ppid=18518 pid=18519 auid=4294967295 uid=33 gid=33 euid=33 suid=33
fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="sh"
exe="/bin/dash" key=(null)
type=PROCTITLE msg=audit(1509386439.525:751):
proctitle=7368002D63004C414E473D22656E5F55532E5554462D3822206C6F63616C65202D6B204C435F435459504520323E2F6465762F6E756C6C
type=AVC msg=audit(1509386440.341:771): apparmor="DENIED" operation="open"
profile="/usr/sbin/apache2//phpsysinfo"
name="/usr/share/distro-info/debian.csv" pid=18561 comm="lsb_release"
requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509386440.341:771): arch=c000003e syscall=2 success=no
exit=-13 a0=7fe67ad87c20 a1=80000 a2=1b6 a3=7fe67ae52ae0 items=0 ppid=18560
pid=18561 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33
sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="lsb_release"
exe="/usr/bin/python3.6" key=(null)
type=PROCTITLE msg=audit(1509386440.341:771):
proctitle=2F7573722F62696E2F707974686F6E33002D4573002F7573722F62696E2F6C73625F72656C65617365002D61
type=AVC msg=audit(1509386440.357:772): apparmor="DENIED" operation="exec"
profile="/usr/sbin/apache2//phpsysinfo" name="/bin/dmesg" pid=18569 comm="sh"
requested_mask="x" denied_mask="x" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509386440.357:772): arch=c000003e syscall=59 success=no
exit=-13 a0=5574cd8d7af8 a1=5574cd8d7b20 a2=5574cd8d7b30 a3=7f54c9d8c9d0
items=0 ppid=18568 pid=18569 auid=4294967295 uid=33 gid=33 euid=33 suid=33
fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="sh"
exe="/bin/dash" key=(null)
type=PROCTITLE msg=audit(1509386440.357:772):
proctitle=7368002D6300222F62696E2F646D6573672220
type=AVC msg=audit(1509386440.465:773): apparmor="DENIED" operation="open"
profile="/usr/sbin/apache2//phpsysinfo" name="/run/udev/data/c189:0" pid=18575
comm="lsusb" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509386440.465:773): arch=c000003e syscall=2 success=no
exit=-13 a0=7ffd4a0f2f00 a1=80000 a2=1b6 a3=80000 items=0 ppid=18574 pid=18575
auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33
tty=(none) ses=4294967295 comm="lsusb" exe="/usr/bin/lsusb" key=(null)
type=PROCTITLE msg=audit(1509386440.465:773): proctitle="/usr/bin/lsusb"
type=AVC msg=audit(1509386440.465:776): apparmor="DENIED" operation="open"
profile="/usr/sbin/apache2//phpsysinfo" name="/run/udev/data/+usb:1-1:1.0"
pid=18575 comm="lsusb" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509386440.465:776): arch=c000003e syscall=2 success=no
exit=-13 a0=7ffd4a0f2f00 a1=80000 a2=1b6 a3=80000 items=0 ppid=18574 pid=18575
auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33
tty=(none) ses=4294967295 comm="lsusb" exe="/usr/bin/lsusb" key=(null)
type=PROCTITLE msg=audit(1509386440.465:776): proctitle="/usr/bin/lsusb"
type=AVC msg=audit(1509386440.469:777): apparmor="DENIED" operation="open"
profile="/usr/sbin/apache2//phpsysinfo" name="/etc/iproute2/group" pid=18578
comm="ip" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509386440.469:777): arch=c000003e syscall=2 success=no
exit=-13 a0=559c53cdf508 a1=0 a2=1b6 a3=0 items=0 ppid=18577 pid=18578
auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33
tty=(none) ses=4294967295 comm="ip" exe="/bin/ip" key=(null)
type=PROCTITLE msg=audit(1509386440.469:777):
proctitle=2F7362696E2F697000616464720073686F77006C6F
type=AVC msg=audit(1509387218.868:966): apparmor="DENIED" operation="open"
profile="/usr/sbin/apache2//phpsysinfo" name="/etc/dpkg/origins/debian"
pid=19497 comm="lsb_release" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387218.868:966): arch=c000003e syscall=2 success=no
exit=-13 a0=7f0b73630a50 a1=80000 a2=1b6 a3=7f0b735b6ca0 items=0 ppid=19496
pid=19497 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33
sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="lsb_release"
exe="/usr/bin/python3.6" key=(null)
type=PROCTITLE msg=audit(1509387218.868:966):
proctitle=2F7573722F62696E2F707974686F6E33002D4573002F7573722F62696E2F6C73625F72656C65617365002D61
type=AVC msg=audit(1509387440.856:1048): apparmor="DENIED" operation="open"
profile="/usr/sbin/apache2//phpsysinfo" name="/etc/apt/apt.conf.d/" pid=19744
comm="apt-cache" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387440.856:1048): arch=c000003e syscall=2 success=no
exit=-13 a0=556d21cf2b60 a1=90800 a2=7fce5e86eb58 a3=0 items=0 ppid=19743
pid=19744 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33
sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache"
exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387440.856:1048):
proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387440.856:1049): apparmor="DENIED" operation="open"
profile="/usr/sbin/apache2//phpsysinfo" name="/usr/share/dpkg/cputable"
pid=19744 comm="apt-cache" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387440.856:1049): arch=c000003e syscall=2 success=no
exit=-13 a0=556d21cf7ae0 a1=0 a2=1b6 a3=0 items=0 ppid=19743 pid=19744
auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33
tty=(none) ses=4294967295 comm="apt-cache" exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387440.856:1049):
proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387440.876:1050): apparmor="DENIED" operation="open"
profile="/usr/sbin/apache2//phpsysinfo" name="/dev/kmsg" pid=19752 comm="dmesg"
requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387440.876:1050): arch=c000003e syscall=2 success=no
exit=-13 a0=5635cd52f17d a1=800 a2=5635cd52feb8 a3=527 items=0 ppid=19751
pid=19752 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33
sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="dmesg" exe="/bin/dmesg"
key=(null)
type=PROCTITLE msg=audit(1509387440.876:1050): proctitle="/bin/dmesg"
type=AVC msg=audit(1509387714.588:1106): apparmor="DENIED" operation="open"
profile="/usr/sbin/apache2//phpsysinfo"
name="/etc/apt/apt.conf.d/00CDMountPoint" pid=20175 comm="apt-cache"
requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387714.588:1106): arch=c000003e syscall=2 success=no
exit=-13 a0=55d858e83020 a1=80100 a2=7ffc9c561c9b a3=55d858e7ecf0 items=0
ppid=20174 pid=20175 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33
egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache"
exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387714.588:1106):
proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387714.588:1107): apparmor="DENIED" operation="open"
profile="/usr/sbin/apache2//phpsysinfo" name="/etc/apt/apt.conf.d/00aptitude"
pid=20175 comm="apt-cache" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387714.588:1107): arch=c000003e syscall=2 success=no
exit=-13 a0=55d858e7ecc0 a1=80100 a2=7ffc9c561c9b a3=73 items=0 ppid=20174
pid=20175 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33
sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache"
exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387714.588:1107):
proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387714.588:1108): apparmor="DENIED" operation="open"
profile="/usr/sbin/apache2//phpsysinfo" name="/etc/apt/apt.conf.d/00trustcdrom"
pid=20175 comm="apt-cache" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387714.588:1108): arch=c000003e syscall=2 success=no
exit=-13 a0=55d858e83810 a1=80100 a2=7ffc9c561c9b a3=73 items=0 ppid=20174
pid=20175 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33
sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache"
exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387714.588:1108):
proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387714.588:1109): apparmor="DENIED" operation="open"
profile="/usr/sbin/apache2//phpsysinfo" name="/etc/apt/apt.conf.d/01autoremove"
pid=20175 comm="apt-cache" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387714.588:1109): arch=c000003e syscall=2 success=no
exit=-13 a0=55d858e80d10 a1=80100 a2=7ffc9c561c9b a3=73 items=0 ppid=20174
pid=20175 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33
sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache"
exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387714.588:1109):
proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387714.588:1110): apparmor="DENIED" operation="open"
profile="/usr/sbin/apache2//phpsysinfo"
name="/etc/apt/apt.conf.d/01autoremove-kernels" pid=20175 comm="apt-cache"
requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387714.588:1110): arch=c000003e syscall=2 success=no
exit=-13 a0=55d858e7ed50 a1=80100 a2=7ffc9c561c9b a3=73 items=0 ppid=20174
pid=20175 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33
sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache"
exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387714.588:1110):
proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387714.588:1111): apparmor="DENIED" operation="open"
profile="/usr/sbin/apache2//phpsysinfo"
name="/etc/apt/apt.conf.d/20auto-upgrades" pid=20175 comm="apt-cache"
requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387714.588:1111): arch=c000003e syscall=2 success=no
exit=-13 a0=55d858e7eb30 a1=80100 a2=7ffc9c561c9b a3=73 items=0 ppid=20174
pid=20175 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33
sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache"
exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387714.588:1111):
proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387714.588:1112): apparmor="DENIED" operation="open"
profile="/usr/sbin/apache2//phpsysinfo"
name="/etc/apt/apt.conf.d/20listchanges" pid=20175 comm="apt-cache"
requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387714.588:1112): arch=c000003e syscall=2 success=no
exit=-13 a0=55d858e83370 a1=80100 a2=7ffc9c561c9b a3=73 items=0 ppid=20174
pid=20175 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33
sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache"
exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387714.588:1112):
proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387714.588:1113): apparmor="DENIED" operation="open"
profile="/usr/sbin/apache2//phpsysinfo" name="/etc/apt/apt.conf.d/20packagekit"
pid=20175 comm="apt-cache" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387714.588:1113): arch=c000003e syscall=2 success=no
exit=-13 a0=55d858e7ec90 a1=80100 a2=7ffc9c561c9b a3=73 items=0 ppid=20174
pid=20175 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33
sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache"
exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387714.588:1113):
proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387714.588:1114): apparmor="DENIED" operation="open"
profile="/usr/sbin/apache2//phpsysinfo" name="/etc/apt/apt.conf.d/50appstream"
pid=20175 comm="apt-cache" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387714.588:1114): arch=c000003e syscall=2 success=no
exit=-13 a0=55d858e7ed20 a1=80100 a2=7ffc9c561c9b a3=73 items=0 ppid=20174
pid=20175 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33
sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache"
exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387714.588:1114):
proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387714.588:1115): apparmor="DENIED" operation="open"
profile="/usr/sbin/apache2//phpsysinfo"
name="/etc/apt/apt.conf.d/50apt-file.conf" pid=20175 comm="apt-cache"
requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387714.588:1115): arch=c000003e syscall=2 success=no
exit=-13 a0=55d858e80ce0 a1=80100 a2=7ffc9c561c9b a3=73 items=0 ppid=20174
pid=20175 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33
sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache"
exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387714.588:1115):
proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387714.588:1116): apparmor="DENIED" operation="open"
profile="/usr/sbin/apache2//phpsysinfo"
name="/etc/apt/apt.conf.d/50unattended-upgrades" pid=20175 comm="apt-cache"
requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387714.588:1116): arch=c000003e syscall=2 success=no
exit=-13 a0=55d858e7f3f0 a1=80100 a2=7ffc9c561c9b a3=73 items=0 ppid=20174
pid=20175 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33
sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache"
exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387714.588:1116):
proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387714.588:1117): apparmor="DENIED" operation="open"
profile="/usr/sbin/apache2//phpsysinfo" name="/etc/apt/apt.conf.d/60apper"
pid=20175 comm="apt-cache" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387714.588:1117): arch=c000003e syscall=2 success=no
exit=-13 a0=55d858e83130 a1=80100 a2=7ffc9c561c9b a3=73 items=0 ppid=20174
pid=20175 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33
sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache"
exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387714.588:1117):
proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387714.588:1118): apparmor="DENIED" operation="open"
profile="/usr/sbin/apache2//phpsysinfo"
name="/etc/apt/apt.conf.d/60plasma-discover" pid=20175 comm="apt-cache"
requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387714.588:1118): arch=c000003e syscall=2 success=no
exit=-13 a0=55d858e7ecf0 a1=80100 a2=7ffc9c561c9b a3=73 items=0 ppid=20174
pid=20175 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33
sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache"
exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387714.588:1118):
proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387714.588:1119): apparmor="DENIED" operation="open"
profile="/usr/sbin/apache2//phpsysinfo" name="/etc/apt/apt.conf.d/70debconf"
pid=20175 comm="apt-cache" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387714.588:1119): arch=c000003e syscall=2 success=no
exit=-13 a0=55d858e82010 a1=80100 a2=7ffc9c561c9b a3=73 items=0 ppid=20174
pid=20175 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33
sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache"
exe="/usr/bin/apt-cache" key=(null)
type=AVC msg=audit(1509387714.588:1120): apparmor="DENIED" operation="open"
profile="/usr/sbin/apache2//phpsysinfo" name="/usr/share/dpkg/tupletable"
pid=20175 comm="apt-cache" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387714.588:1120): arch=c000003e syscall=2 success=no
exit=-13 a0=55d858e83110 a1=0 a2=1b6 a3=0 items=0 ppid=20174 pid=20175
auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33
tty=(none) ses=4294967295 comm="apt-cache" exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387714.588:1120):
proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387970.588:1221): apparmor="DENIED" operation="open"
profile="/usr/sbin/apache2//phpsysinfo" name="/etc/apt/sources.list" pid=20662
comm="apt-cache" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387970.588:1221): arch=c000003e syscall=2 success=no
exit=-13 a0=559251e86810 a1=80100 a2=ffffffff a3=32 items=0 ppid=20661
pid=20662 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33
sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache"
exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387970.588:1221):
proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387970.588:1222): apparmor="DENIED" operation="open"
profile="/usr/sbin/apache2//phpsysinfo" name="/etc/apt/sources.list.d/"
pid=20662 comm="apt-cache" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387970.588:1222): arch=c000003e syscall=2 success=no
exit=-13 a0=559251e93fc0 a1=90800 a2=7f5c7472eb58 a3=0 items=0 ppid=20661
pid=20662 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33
sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache"
exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387970.588:1222):
proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387970.588:1223): apparmor="DENIED" operation="open"
profile="/usr/sbin/apache2//phpsysinfo" name="/var/cache/apt/pkgcache.bin"
pid=20662 comm="apt-cache" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387970.588:1223): arch=c000003e syscall=2 success=no
exit=-13 a0=559251e7efa0 a1=0 a2=1b6 a3=0 items=0 ppid=20661 pid=20662
auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33
tty=(none) ses=4294967295 comm="apt-cache" exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387970.588:1223):
proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387970.588:1224): apparmor="DENIED" operation="open"
profile="/usr/sbin/apache2//phpsysinfo" name="/var/cache/apt/srcpkgcache.bin"
pid=20662 comm="apt-cache" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387970.588:1224): arch=c000003e syscall=2 success=no
exit=-13 a0=559251e7efa0 a1=0 a2=1b6 a3=0 items=0 ppid=20661 pid=20662
auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33
tty=(none) ses=4294967295 comm="apt-cache" exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387970.588:1224):
proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387970.588:1225): apparmor="DENIED" operation="exec"
profile="/usr/sbin/apache2//phpsysinfo" name="/usr/bin/dpkg" pid=20663
comm="apt-cache" requested_mask="x" denied_mask="x" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387970.588:1225): arch=c000003e syscall=59
success=no exit=-13 a0=559251e83a90 a1=559251e83960 a2=7ffcc3fc9cb0 a3=2
items=0 ppid=20662 pid=20663 auid=4294967295 uid=33 gid=33 euid=33 suid=33
fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache"
exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387970.588:1225):
proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387970.592:1226): apparmor="DENIED" operation="open"
profile="/usr/sbin/apache2//phpsysinfo" name="/var/lib/apt/lists/" pid=20662
comm="apt-cache" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387970.592:1226): arch=c000003e syscall=2 success=no
exit=-13 a0=559251e83490 a1=90800 a2=13 a3=32 items=0 ppid=20661 pid=20662
auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33
tty=(none) ses=4294967295 comm="apt-cache" exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387970.592:1226):
proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387970.624:1228): apparmor="DENIED" operation="open"
profile="/usr/sbin/apache2//phpsysinfo" name="/etc/apt/preferences.d/"
pid=20662 comm="apt-cache" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387970.624:1228): arch=c000003e syscall=2 success=no
exit=-13 a0=559251e97260 a1=90800 a2=7f5c7472eb58 a3=0 items=0 ppid=20661
pid=20662 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33
sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache"
exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387970.624:1228):
proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509388530.019:1358): apparmor="DENIED" operation="open"
profile="/usr/sbin/apache2//phpsysinfo" name="/etc/dpkg/dpkg.cfg.d/" pid=21282
comm="dpkg" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509388530.019:1358): arch=c000003e syscall=2 success=no
exit=-13 a0=558cb85ef650 a1=90800 a2=558cb8149c70 a3=73 items=0 ppid=21281
pid=21282 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33
sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="dpkg" exe="/usr/bin/dpkg"
key=(null)
type=PROCTITLE msg=audit(1509388530.019:1358):
proctitle=2F7573722F62696E2F64706B67002D2D7072696E742D666F726569676E2D61726368697465637475726573
type=AVC msg=audit(1509388530.019:1359): apparmor="DENIED" operation="mknod"
profile="/usr/sbin/apache2//phpsysinfo" name="/tmp/fileutl.message.AWZFtl"
pid=21281 comm="apt-cache" requested_mask="c" denied_mask="c" fsuid=33 ouid=33
type=SYSCALL msg=audit(1509388530.019:1359): arch=c000003e syscall=2 success=no
exit=-13 a0=559c1bfd3060 a1=c2 a2=180 a3=7ffe1ae847d0 items=0 ppid=21280
pid=21281 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33
sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache"
exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509388530.019:1359):
proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509388717.687:1405): apparmor="DENIED" operation="open"
profile="/usr/sbin/apache2//phpsysinfo"
name="/etc/dpkg/dpkg.cfg.d/pkg-config-hook-config" pid=21673 comm="dpkg"
requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509388717.687:1405): arch=c000003e syscall=2 success=no
exit=-13 a0=5559401556e0 a1=0 a2=1b6 a3=0 items=0 ppid=21672 pid=21673
auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33
tty=(none) ses=4294967295 comm="dpkg" exe="/usr/bin/dpkg" key=(null)
type=PROCTITLE msg=audit(1509388717.687:1405):
proctitle=2F7573722F62696E2F64706B67002D2D7072696E742D666F726569676E2D61726368697465637475726573
type=AVC msg=audit(1509388717.687:1406): apparmor="DENIED" operation="open"
profile="/usr/sbin/apache2//phpsysinfo" name="/etc/dpkg/dpkg.cfg" pid=21673
comm="dpkg" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509388717.687:1406): arch=c000003e syscall=2 success=no
exit=-13 a0=555940155650 a1=0 a2=1b6 a3=0 items=0 ppid=21672 pid=21673
auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33
tty=(none) ses=4294967295 comm="dpkg" exe="/usr/bin/dpkg" key=(null)
type=PROCTITLE msg=audit(1509388717.687:1406):
proctitle=2F7573722F62696E2F64706B67002D2D7072696E742D666F726569676E2D61726368697465637475726573
type=AVC msg=audit(1509388717.687:1407): apparmor="DENIED" operation="open"
profile="/usr/sbin/apache2//phpsysinfo"
name="/var/lib/apt/lists/ftp.lt.debian.org_debian_dists_sid_InRelease"
pid=21672 comm="apt-cache" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509388717.687:1407): arch=c000003e syscall=2 success=no
exit=-13 a0=55d03aa41fc0 a1=0 a2=1b6 a3=0 items=0 ppid=21671 pid=21672
auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33
tty=(none) ses=4294967295 comm="apt-cache" exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509388717.687:1407):
proctitle=6170742D636163686500706F6C696379
--
Your team AppArmor Developers is requested to review the proposed merge of
lp:~talkless/apparmor/apparmor into lp:apparmor.
=== modified file 'profiles/apparmor.d/apache2.d/phpsysinfo'
--- profiles/apparmor.d/apache2.d/phpsysinfo 2015-10-20 21:12:35 +0000
+++ profiles/apparmor.d/apache2.d/phpsysinfo 2017-10-30 19:02:06 +0000
@@ -10,23 +10,43 @@
/{,usr/}bin/dash ixr,
/{,usr/}bin/df ixr,
+ /{,usr/}bin/dmesg ixr,
+ /{,usr/}bin/dpkg ixr,
+ /{,usr/}bin/ip ixr,
+ /{,usr/}bin/locale ixr,
/{,usr/}bin/mount ixr,
/{,usr/}bin/uname ixr,
/dev/bus/usb/ r,
/dev/bus/usb/** r,
+ /dev/kmsg r,
+ /etc/apt/apt.conf.d/ r,
+ /etc/apt/apt.conf.d/** r,
+ /etc/apt/preferences.d/ r,
+ /etc/apt/sources.list r,
+ /etc/apt/sources.list.d/ r,
+ /etc/apt/sources.list.d/** r,
/etc/debian_version r,
+ /etc/default/locale r,
+ /etc/dpkg/dpkg.cfg r,
+ /etc/dpkg/dpkg.cfg.d/ r,
+ /etc/dpkg/dpkg.cfg.d/** r,
+ /etc/dpkg/origins/debian r,
+ /etc/iproute2/group r,
/etc/lsb-release r,
/etc/mtab r,
- /etc/phpsysinfo/config.php r,
+ /etc/phpsysinfo/{config.php,phpsysinfo.ini} r,
/etc/udev/udev.conf r,
+ @{PROC}/ r,
@{PROC}/** r,
/sys/bus/ r,
+ /sys/bus/i2c/devices/ r,
/sys/bus/pci/devices/ r,
/sys/bus/pci/slots/ r,
/sys/bus/pci/slots/** r,
/sys/bus/usb/devices/ r,
/sys/class/ r,
/sys/devices/** r,
+ owner /tmp/fileutl.message.* rw,
/usr/bin/ r,
/usr/bin/apt-cache ixr,
/usr/bin/dpkg-query ixr,
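Review bot: The new `/dev/kmsg r,` rule, together with `/{,usr/}bin/dmesg ixr,`, lets the phpsysinfo hat read the whole kernel ring buffer, which is a notable widening for code that runs inside the web server as uid 33. Kernel messages can carry hardware details and log lines from unrelated subsystems, so the pair deserves a comment above it, e.g. `# kernel log for phpsysinfo's dmesg call; drop both rules if that output is not needed`. Separately, `/etc/apt/preferences.d/ r,` grants only the directory listing, while `apt.conf.d` and `sources.list.d` also get a `/** r,` rule. If that directory ever holds files, apt-cache will presumably be denied again, so `/etc/apt/preferences.d/** r,` looks like it is missing. The profile body starts before this hunk and continues after it.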
@@ -34,7 +54,12 @@
/usr/bin/lspci ixr,
/usr/bin/who ixr,
/usr/{,s}bin/lsusb ixr,
+ /usr/share/dpkg/{cputable,tupletable} r,
/usr/share/phpsysinfo/** r,
+ /usr/share/distro-info/debian.csv r,
+ /var/cache/apt/{pkgcache.bin,srcpackage.bin} r,
+ /var/lib/apt/lists/ r,
+ /var/lib/apt/lists/** r,
/var/lib/dpkg/arch r,
/var/lib/dpkg/available r,
/var/lib/dpkg/status r,
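Review bot: The rule `/var/cache/apt/{pkgcache.bin,srcpackage.bin} r,` names `srcpackage.bin`, but the denial quoted in the description is for `/var/cache/apt/srcpkgcache.bin`, so that read would still be denied with this profile loaded. The alternation should read `/var/cache/apt/{pkgcache.bin,srcpkgcache.bin} r,`. It is worth re-running the phpsysinfo page against the final profile and confirming the audit log is clean, since a typo like this only shows up as a remaining DENIED entry.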
@@ -44,5 +69,6 @@
/var/log/apache2/access.log w,
/var/log/apache2/error.log w,
/{,var/}run/utmp rk,
+ /{,var/}run/udev/data/* r,
/usr/share/misc/pci.ids r,
}
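Review bot: `/{,var/}run/udev/data/* r,` is broader than the logged denials require. The only reads shown are `/run/udev/data/+usb:1-1:1.0` and `/run/udev/data/c189:0`, both from lsusb, while the wildcard opens the udev database entry of every device to the hat. If lsusb needs nothing else, the rule could be narrowed to `/{,var/}run/udev/data/{+usb:*,c189:*} r,`. This is inferred from the two log entries alone, so other USB-related entries may still turn up in testing.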