Your message dated Wed, 06 Jul 2022 08:33:55 +0000 with message-id <[email protected]> and subject line Bug#1003153: fixed in apparmor 3.0.4-3 has caused the Debian Bug report #1003153, regarding /etc/apparmor.d/usr.sbin.apache2: Apache profile complains when ss -tnlp is run to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 1003153: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003153 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: libapache2-mod-apparmor Version: 2.13.6-10 Severity: minor File: /etc/apparmor.d/usr.sbin.apache2 Hi AppArmor maintainers, I noticed if I (or a script) ran "ss -tnlp" then my logs would show a lot of lines like: audit: type=1400 audit(1641349042.460:2559): apparmor="DENIED" operation="ptrace" profile="apache2//HANDLING_UNTRUSTED_INPUT" pid=2792993 comm="ss" requested_mask="readby" denied_mask="readby" peer="/bin/ss" So ss is doing a ptrace on all the network listeners. The odd thing is that apache is the only one to complain about this even though other daemons listed have their own apparmor profiles. I had to add the following line to the HANDLING_UNTRUSTED_INPUT stanza: ptrace readby peer=/bin/ss, - Craig -- System Information: Debian Release: 11.2 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'stable-security'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-10-amd64 (SMP w/1 CPU thread) Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages libapache2-mod-apparmor depends on: ii apache2-bin [apache2-api-20120211] 2.4.51-1~deb11u1 ii libapparmor1 2.13.6-10 ii libc6 2.31-13+deb11u2 libapache2-mod-apparmor recommends no packages. libapache2-mod-apparmor suggests no packages. -- Configuration Files: /etc/apparmor.d/usr.sbin.apache2 changed: -- no debconf information
--- End Message ---
--- Begin Message ---Source: apparmor Source-Version: 3.0.4-3 Done: intrigeri <[email protected]> We believe that the bug you reported is fixed in the latest version of apparmor, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. intrigeri <[email protected]> (supplier of updated apparmor package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 06 Jul 2022 07:48:25 +0000 Source: apparmor Architecture: source Version: 3.0.4-3 Distribution: unstable Urgency: medium Maintainer: Debian AppArmor Team <[email protected]> Changed-By: intrigeri <[email protected]> Closes: 1003153 Changes: apparmor (3.0.4-3) unstable; urgency=medium . * Cherry-pick 7 patches from upstream apparmor-3.0 branch (Closes: #1003153) * Adjust overrides for recent Lintian * Override Lintian false positives Checksums-Sha1: 0ee615f677111978f9dc3336e5d778221ca6cd41 2986 apparmor_3.0.4-3.dsc 7c6e73eb518f3d783c6a9168e873077c34532517 94276 apparmor_3.0.4-3.debian.tar.xz Checksums-Sha256: 8278551c4b93f6bbb5e69ab102e379bead2ccca80e4843b63008ea619ca168ec 2986 apparmor_3.0.4-3.dsc ada02bb61f5ad7bde859507cb6f5480737fe1c718fe1136893a137a3ab023fdf 94276 apparmor_3.0.4-3.debian.tar.xz Files: d0cfd2969daaff3c9581621a6a2a2d05 2986 admin optional apparmor_3.0.4-3.dsc 340d0ec5f6fb3d09343a3028475e7a59 94276 admin optional apparmor_3.0.4-3.debian.tar.xz -----BEGIN PGP SIGNATURE----- iIsEARYKADMWIQRhtDRcZu/HkP7YWcafj6cvaVTDowUCYsVDvRUcaW50cmlnZXJp QGRlYmlhbi5vcmcACgkQn4+nL2lUw6N/6gEAsop0W0FFmVZ8OsAN/dxiV1SW2GSf 8Iizjg0LR7cRki8A/R2tE981xdKB/3U53tJoicnDpH+/ZYJ4mJ3hJ2uav0EN =REAa -----END PGP SIGNATURE-----
--- End Message ---
