** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1117804
Title:
ausearch doesn't show AppArmor denial messages
Status in AppArmor:
Confirmed
Status in audit package in Ubuntu:
Confirmed
Status in linux package in Ubuntu:
New
Bug description:
The following command should display all AVC denials:
ausearch -m avc
However, it doesn't work with AppArmor denials. Here's a quick test
case to generate a denial, search for it with ausearch, and see that
no messages are displayed:
$ aa-exec -p /usr/sbin/tcpdump cat /proc/self/attr/current
cat: /proc/self/attr/current: Permission denied
$ sudo ausearch -m avc -c cat
<no matches>
ausearch claims that there are no matches, but there's a matching
audit message if you look in audit.log:
type=AVC msg=audit(1360193426.539:64): apparmor="DENIED"
operation="open" parent=8253 profile="/usr/sbin/tcpdump"
name="/proc/8485/attr/current" pid=8485 comm="cat" requested_mask="r"
denied_mask="r" fsuid=1000 ouid=1000
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1117804/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
