Bug#962006: apparmor="DENIED" operation="capable" profile="/usr/bin/man"
Package: man-db Followup-For: Bug #962006 Dear Maintainer, please take the claim "reproduce" as "trigger it once". Regards, xiscu -- System Information: Debian Release: bullseye/sid APT prefers testing APT policy: (900, 'testing'), (10, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.6.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages man-db depends on: ii bsdmainutils 11.1.2+b1 ii debconf [debconf-2.0] 1.5.74 ii dpkg 1.19.7 ii groff-base 1.22.4-5 ii libc6 2.30-8 ii libgdbm6 1.18.1-5 ii libpipeline1 1.5.2-2 ii libseccomp22.4.3-1+b1 ii zlib1g 1:1.2.11.dfsg-2 man-db recommends no packages. Versions of packages man-db suggests: ii apparmor2.13.4-2 ii chromium [www-browser] 81.0.4044.92-1 ii firefox [www-browser] 70.0.1-1+b1 pn groff ii less551-1 ii lynx [www-browser] 2.9.0dev.5-1 ii surf [www-browser] 2.0+git20190208-2 -- debconf information: man-db/install-setuid: false man-db/auto-update: true
Bug#962006: apparmor="DENIED" operation="capable" profile="/usr/bin/man"
Package: man-db Version: 2.9.2-1 Followup-For: Bug #962006 Dear Maintainer, I'm able to repoduce with: > man -k man-recode > then on the logs appear: audit[42467]: AVC apparmor="DENIED" operation="capable" profile="/usr/bin/man" pid=42467 comm="apropos" capability=2 capname="dac_read_search" Jun 13 16:46:37 r5 kernel: kauditd_printk_skb: 32 callbacks suppressed Jun 13 16:46:37 r5 kernel: audit: type=1400 audit(1592059597.777:44): apparmor="DENIED" operation="capable" profile="/usr/bin/man" pid=42467 comm="apropos" capability=2 capname="dac_read_search" Jun 13 16:46:37 r5 kernel: audit: type=1400 audit(1592059597.777:45): apparmor="DENIED" operation="capable" profile="/usr/bin/man" pid=42467 comm="apropos" capability=1 capname="dac_override" Jun 13 16:46:37 r5 audit[42467]: AVC apparmor="DENIED" operation="capable" profile="/usr/bin/man" pid=42467 comm="apropos" capability=1 capname="dac_override" Jun 13 16:46:42 r5 wpa_supplicant[772]: wlan0: WPA: Group rekeying completed with e0:28:6d:69:7a:f7 [GTK=CCMP] Jun 13 16:46:48 r5 audit[42498]: AVC apparmor="DENIED" operation="capable" profile="/usr/bin/man" pid=42498 comm="man" capability=2 capname="dac_read_search" Jun 13 16:46:48 r5 audit[42498]: AVC apparmor="DENIED" operation="capable" profile="/usr/bin/man" pid=42498 comm="man" capability=1 capname="dac_override" Hope it helps! xiscu -- System Information: Debian Release: bullseye/sid APT prefers testing APT policy: (900, 'testing'), (10, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.6.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages man-db depends on: ii bsdmainutils 11.1.2+b1 ii debconf [debconf-2.0] 1.5.74 ii dpkg 1.19.7 ii groff-base 1.22.4-5 ii libc6 2.30-8 ii libgdbm6 1.18.1-5 ii libpipeline1 1.5.2-2 ii libseccomp22.4.3-1+b1 ii zlib1g 1:1.2.11.dfsg-2 man-db recommends no packages. Versions of packages man-db suggests: ii apparmor2.13.4-2 ii chromium [www-browser] 81.0.4044.92-1 ii firefox [www-browser] 70.0.1-1+b1 pn groff ii less551-1 ii lynx [www-browser] 2.9.0dev.5-1 ii surf [www-browser] 2.0+git20190208-2 -- debconf information excluded
Bug#962006: apparmor="DENIED" operation="capable" profile="/usr/bin/man"
Control: reassign -1 man-db Hi, xiscu (2020-06-01): > for time to time I get the audit message on the logs (journalctl -l) : > > audit[1505920]: AVC apparmor="DENIED" operation="capable" > profile="/usr/bin/man" pid=1505920 comm="man" capability=2 > capname="dac_read_search" > kernel: audit: type=1400 audit(1591047259.546:1837): apparmor="DENIED" > operation="capable" profile="/usr/bin/man" pid=1505920 comm="man" > capability=2 capname="dac_read_search" I'm reassigning this to the package (man-db) that ships the /usr/bin/man AppArmor profile. FWIW, I don't see this in my logs here. Cheers!
Bug#962006: apparmor="DENIED" operation="capable" profile="/usr/bin/man"
Package: apparmor Version: 2.13.4-1+b1 Severity: normal Dear Maintainer, for time to time I get the audit message on the logs (journalctl -l) : audit[1505920]: AVC apparmor="DENIED" operation="capable" profile="/usr/bin/man" pid=1505920 comm="man" capability=2 capname="dac_read_search" kernel: audit: type=1400 audit(1591047259.546:1837): apparmor="DENIED" operation="capable" profile="/usr/bin/man" pid=1505920 comm="man" capability=2 capname="dac_read_search" I'm not sure if related but e.g. : > man man No manual entry for man and other pages doesn't seem to render on the terminal. I get can get around it with 'dman' Thanks in advance, xiscu -- System Information: Debian Release: bullseye/sid APT prefers testing APT policy: (900, 'testing'), (10, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.6.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages apparmor depends on: ii debconf [debconf-2.0] 1.5.74 ii libc6 2.30-8 ii lsb-base 11.1.0 ii python33.8.2-3 apparmor recommends no packages. Versions of packages apparmor suggests: ii apparmor-profiles-extra 1.27 ii apparmor-utils 2.13.4-1+b1 -- debconf information: apparmor/homedirs: