Hi, debian9 (with auditd) apparmor-2.11.0-3 apparmor-profiles-2.11.0-3 apparmor-profiles-extra-1.11
I'm seeing odd apparmor log messages where the name parameter is not an absolute file system path. They look like: type=AVC msg=audit(1513725614.403:1142439): apparmor="ALLOWED" operation="getattr" info="Failed name lookup - disconnected path" error=-13 profile="/usr/lib/dovecot/imap" name="var/vmailboxes/[email protected]/Maildir/dovecot.index.log" pid=21232 comm="imap" requested_mask="r" denied_mask="r" fsuid=104 ouid=104 There is a /var/vmailboxes... and I have rules for it. Any idea why the leading / is missing from the log message? It's a syntax error to have a rule that isn't for an absolute path. I'm also seeing log messages where the name is a hex string representation of a path (without double quotes). e.g. name=7661722F766D616... Is there a way to prevent this. It means I need to decode paths in log messages before I can add new rules to make the log messages go away. cheers, raf -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
