subject:"\[Kernel\-packages\] \[Bug 1473584\] Re\: AUDIT_USER_AVC messages are not printk'ed when auditd is not running"

[Kernel-packages] [Bug 1473584] Re: AUDIT_USER_AVC messages are not printk'ed when auditd is not running

2015-09-03 Thread Launchpad Bug Tracker

This bug was fixed in the package linux-mako - 3.4.0-6.37~15.04.1

---
linux-mako (3.4.0-6.37~15.04.1) vivid; urgency=low

  [ Upstream Kernel Changes ]

  * audit: printk USER_AVC messages when audit isn't enabled
- LP: #1473584

 -- Tim Gardner   Mon, 13 Jul 2015 14:53:48
-0700

** Changed in: linux-goldfish (Ubuntu Vivid)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-manta in Ubuntu.
https://bugs.launchpad.net/bugs/1473584

Title:
  AUDIT_USER_AVC messages are not printk'ed when auditd is not running

Status in linux-flo package in Ubuntu:
  Fix Released
Status in linux-goldfish package in Ubuntu:
  Fix Released
Status in linux-mako package in Ubuntu:
  Fix Released
Status in linux-manta package in Ubuntu:
  Fix Released
Status in linux-flo source package in Vivid:
  Fix Released
Status in linux-goldfish source package in Vivid:
  Fix Released
Status in linux-mako source package in Vivid:
  Fix Released
Status in linux-manta source package in Vivid:
  Fix Released

Bug description:
  The auditd daemon is not part of the default phone images. At the
  kernel level, the audit_enabled variable remains 0 until an auditd
  daemon registers itself. There is a bug in old kernels that causes
  AUDIT_USER_AVC messages to be ignored when audit_enabled is 0. I fixed
  the bug several years ago and marked the patch for the stable tree but
  the phone kernels (mako, at least) did not pull in the patch. The
  upstream commit id is:

    0868a5e150bc4c47e7a003367cd755811eb41e0b

  What this means for our phone images is that any denial messages from
  the system D-Bus daemon are dropped instead of being properly routed
  to the syslog. This results in headaches for debugging app confinement
  denials.

  == Verification Steps ==

  # Load an AppArmor profile for testing
  $ echo "profile test { file, signal, unix, }" | sudo apparmor_parser -rq

  # Verify that we can talk to the system bus
  $ dbus-send --print-reply --system --dest=org.freedesktop.DBus 
/org/freedesktop/DBus org.freedesktop.DBus.ListNames
  method return sender=org.freedesktop.DBus -> dest=:1.90 reply_serial=2
     array [
    string "org.freedesktop.DBus"
     ...

  # Clear the dmesg buffer
  $ sudo dmesg -C

  # Attempt to talk to the system bus under confinement
  $ aa-exec -p test -- dbus-send --print-reply --system 
--dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.ListNames
  Failed to open connection to "system" message bus: An AppArmor policy 
prevents this sender from sending this message to this recipient; 
type="method_call", sender="(null)" (inactive) interface="org.freedesktop.DBus" 
member="Hello" error name="(unset)" requested_reply="0" 
destination="org.freedesktop.DBus" (bus)

  # We should now see an AppArmor denial in the dmesg output.
  # Successful fix verification *must* show the denial from the D-Bus daemon.
  $ sudo dmesg | grep DENIED
  [  187.737219] type=1107 audit(1438385684.065:149): pid=826 uid=102 
auid=4294967295 ses=4294967295 msg='apparmor="DENIED" 
operation="dbus_method_call"  bus="system" path="/org/freedesktop/DBus" 
interface="org.freedesktop.DBus" member="Hello" mask="send" 
name="org.freedesktop.DBus" pid=6721 label="test" peer_label="unconfined"

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-flo/+bug/1473584/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1473584] Re: AUDIT_USER_AVC messages are not printk'ed when auditd is not running

2015-09-03 Thread Launchpad Bug Tracker

This bug was fixed in the package linux-goldfish - 3.4.0-4.24~15.04.1

---
linux-goldfish (3.4.0-4.24~15.04.1) vivid; urgency=low

  [ Upstream Kernel Changes ]

  * audit: printk USER_AVC messages when audit isn't enabled
- LP: #1473584

 -- Tim Gardner   Mon, 13 Jul 2015 14:57:44
-0700

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-manta in Ubuntu.
https://bugs.launchpad.net/bugs/1473584

Title:
  AUDIT_USER_AVC messages are not printk'ed when auditd is not running

Status in linux-flo package in Ubuntu:
  Fix Released
Status in linux-goldfish package in Ubuntu:
  Fix Released
Status in linux-mako package in Ubuntu:
  Fix Released
Status in linux-manta package in Ubuntu:
  Fix Released
Status in linux-flo source package in Vivid:
  Fix Released
Status in linux-goldfish source package in Vivid:
  Fix Released
Status in linux-mako source package in Vivid:
  Fix Released
Status in linux-manta source package in Vivid:
  Fix Released

Bug description:
  The auditd daemon is not part of the default phone images. At the
  kernel level, the audit_enabled variable remains 0 until an auditd
  daemon registers itself. There is a bug in old kernels that causes
  AUDIT_USER_AVC messages to be ignored when audit_enabled is 0. I fixed
  the bug several years ago and marked the patch for the stable tree but
  the phone kernels (mako, at least) did not pull in the patch. The
  upstream commit id is:

    0868a5e150bc4c47e7a003367cd755811eb41e0b

  What this means for our phone images is that any denial messages from
  the system D-Bus daemon are dropped instead of being properly routed
  to the syslog. This results in headaches for debugging app confinement
  denials.

  == Verification Steps ==

  # Load an AppArmor profile for testing
  $ echo "profile test { file, signal, unix, }" | sudo apparmor_parser -rq

  # Verify that we can talk to the system bus
  $ dbus-send --print-reply --system --dest=org.freedesktop.DBus 
/org/freedesktop/DBus org.freedesktop.DBus.ListNames
  method return sender=org.freedesktop.DBus -> dest=:1.90 reply_serial=2
     array [
    string "org.freedesktop.DBus"
     ...

  # Clear the dmesg buffer
  $ sudo dmesg -C

  # Attempt to talk to the system bus under confinement
  $ aa-exec -p test -- dbus-send --print-reply --system 
--dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.ListNames
  Failed to open connection to "system" message bus: An AppArmor policy 
prevents this sender from sending this message to this recipient; 
type="method_call", sender="(null)" (inactive) interface="org.freedesktop.DBus" 
member="Hello" error name="(unset)" requested_reply="0" 
destination="org.freedesktop.DBus" (bus)

  # We should now see an AppArmor denial in the dmesg output.
  # Successful fix verification *must* show the denial from the D-Bus daemon.
  $ sudo dmesg | grep DENIED
  [  187.737219] type=1107 audit(1438385684.065:149): pid=826 uid=102 
auid=4294967295 ses=4294967295 msg='apparmor="DENIED" 
operation="dbus_method_call"  bus="system" path="/org/freedesktop/DBus" 
interface="org.freedesktop.DBus" member="Hello" mask="send" 
name="org.freedesktop.DBus" pid=6721 label="test" peer_label="unconfined"

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-flo/+bug/1473584/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1473584] Re: AUDIT_USER_AVC messages are not printk'ed when auditd is not running

2015-09-03 Thread Launchpad Bug Tracker

This bug was fixed in the package linux-flo - 3.4.0-4.18~15.04.1

---
linux-flo (3.4.0-4.18~15.04.1) vivid; urgency=low

  [ Upstream Kernel Changes ]

  * audit: printk USER_AVC messages when audit isn't enabled
- LP: #1473584

 -- Tim Gardner   Mon, 13 Jul 2015 14:39:54
-0700

** Changed in: linux-flo (Ubuntu Vivid)
   Status: Fix Committed => Fix Released

** Changed in: linux-manta (Ubuntu Vivid)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-manta in Ubuntu.
https://bugs.launchpad.net/bugs/1473584

Title:
  AUDIT_USER_AVC messages are not printk'ed when auditd is not running

Status in linux-flo package in Ubuntu:
  Fix Released
Status in linux-goldfish package in Ubuntu:
  Fix Released
Status in linux-mako package in Ubuntu:
  Fix Released
Status in linux-manta package in Ubuntu:
  Fix Released
Status in linux-flo source package in Vivid:
  Fix Released
Status in linux-goldfish source package in Vivid:
  Fix Released
Status in linux-mako source package in Vivid:
  Fix Released
Status in linux-manta source package in Vivid:
  Fix Released

Bug description:
  The auditd daemon is not part of the default phone images. At the
  kernel level, the audit_enabled variable remains 0 until an auditd
  daemon registers itself. There is a bug in old kernels that causes
  AUDIT_USER_AVC messages to be ignored when audit_enabled is 0. I fixed
  the bug several years ago and marked the patch for the stable tree but
  the phone kernels (mako, at least) did not pull in the patch. The
  upstream commit id is:

    0868a5e150bc4c47e7a003367cd755811eb41e0b

  What this means for our phone images is that any denial messages from
  the system D-Bus daemon are dropped instead of being properly routed
  to the syslog. This results in headaches for debugging app confinement
  denials.

  == Verification Steps ==

  # Load an AppArmor profile for testing
  $ echo "profile test { file, signal, unix, }" | sudo apparmor_parser -rq

  # Verify that we can talk to the system bus
  $ dbus-send --print-reply --system --dest=org.freedesktop.DBus 
/org/freedesktop/DBus org.freedesktop.DBus.ListNames
  method return sender=org.freedesktop.DBus -> dest=:1.90 reply_serial=2
     array [
    string "org.freedesktop.DBus"
     ...

  # Clear the dmesg buffer
  $ sudo dmesg -C

  # Attempt to talk to the system bus under confinement
  $ aa-exec -p test -- dbus-send --print-reply --system 
--dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.ListNames
  Failed to open connection to "system" message bus: An AppArmor policy 
prevents this sender from sending this message to this recipient; 
type="method_call", sender="(null)" (inactive) interface="org.freedesktop.DBus" 
member="Hello" error name="(unset)" requested_reply="0" 
destination="org.freedesktop.DBus" (bus)

  # We should now see an AppArmor denial in the dmesg output.
  # Successful fix verification *must* show the denial from the D-Bus daemon.
  $ sudo dmesg | grep DENIED
  [  187.737219] type=1107 audit(1438385684.065:149): pid=826 uid=102 
auid=4294967295 ses=4294967295 msg='apparmor="DENIED" 
operation="dbus_method_call"  bus="system" path="/org/freedesktop/DBus" 
interface="org.freedesktop.DBus" member="Hello" mask="send" 
name="org.freedesktop.DBus" pid=6721 label="test" peer_label="unconfined"

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-flo/+bug/1473584/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1473584] Re: AUDIT_USER_AVC messages are not printk'ed when auditd is not running

2015-09-03 Thread Launchpad Bug Tracker

This bug was fixed in the package linux-manta - 3.4.0-7.32~15.04.1

---
linux-manta (3.4.0-7.32~15.04.1) vivid; urgency=low

  [ Upstream Kernel Changes ]

  * audit: printk USER_AVC messages when audit isn't enabled
- LP: #1473584

 -- Tim Gardner   Mon, 13 Jul 2015 14:49:51
-0700

** Changed in: linux-mako (Ubuntu Vivid)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-manta in Ubuntu.
https://bugs.launchpad.net/bugs/1473584

Title:
  AUDIT_USER_AVC messages are not printk'ed when auditd is not running

Status in linux-flo package in Ubuntu:
  Fix Released
Status in linux-goldfish package in Ubuntu:
  Fix Released
Status in linux-mako package in Ubuntu:
  Fix Released
Status in linux-manta package in Ubuntu:
  Fix Released
Status in linux-flo source package in Vivid:
  Fix Released
Status in linux-goldfish source package in Vivid:
  Fix Released
Status in linux-mako source package in Vivid:
  Fix Released
Status in linux-manta source package in Vivid:
  Fix Released

Bug description:
  The auditd daemon is not part of the default phone images. At the
  kernel level, the audit_enabled variable remains 0 until an auditd
  daemon registers itself. There is a bug in old kernels that causes
  AUDIT_USER_AVC messages to be ignored when audit_enabled is 0. I fixed
  the bug several years ago and marked the patch for the stable tree but
  the phone kernels (mako, at least) did not pull in the patch. The
  upstream commit id is:

    0868a5e150bc4c47e7a003367cd755811eb41e0b

  What this means for our phone images is that any denial messages from
  the system D-Bus daemon are dropped instead of being properly routed
  to the syslog. This results in headaches for debugging app confinement
  denials.

  == Verification Steps ==

  # Load an AppArmor profile for testing
  $ echo "profile test { file, signal, unix, }" | sudo apparmor_parser -rq

  # Verify that we can talk to the system bus
  $ dbus-send --print-reply --system --dest=org.freedesktop.DBus 
/org/freedesktop/DBus org.freedesktop.DBus.ListNames
  method return sender=org.freedesktop.DBus -> dest=:1.90 reply_serial=2
     array [
    string "org.freedesktop.DBus"
     ...

  # Clear the dmesg buffer
  $ sudo dmesg -C

  # Attempt to talk to the system bus under confinement
  $ aa-exec -p test -- dbus-send --print-reply --system 
--dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.ListNames
  Failed to open connection to "system" message bus: An AppArmor policy 
prevents this sender from sending this message to this recipient; 
type="method_call", sender="(null)" (inactive) interface="org.freedesktop.DBus" 
member="Hello" error name="(unset)" requested_reply="0" 
destination="org.freedesktop.DBus" (bus)

  # We should now see an AppArmor denial in the dmesg output.
  # Successful fix verification *must* show the denial from the D-Bus daemon.
  $ sudo dmesg | grep DENIED
  [  187.737219] type=1107 audit(1438385684.065:149): pid=826 uid=102 
auid=4294967295 ses=4294967295 msg='apparmor="DENIED" 
operation="dbus_method_call"  bus="system" path="/org/freedesktop/DBus" 
interface="org.freedesktop.DBus" member="Hello" mask="send" 
name="org.freedesktop.DBus" pid=6721 label="test" peer_label="unconfined"

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-flo/+bug/1473584/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1473584] Re: AUDIT_USER_AVC messages are not printk'ed when auditd is not running

2015-07-31 Thread Tyler Hicks

Verified in a goldfish vm.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-manta in Ubuntu.
https://bugs.launchpad.net/bugs/1473584

Title:
  AUDIT_USER_AVC messages are not printk'ed when auditd is not running

Status in linux-flo package in Ubuntu:
  Fix Released
Status in linux-goldfish package in Ubuntu:
  Fix Released
Status in linux-mako package in Ubuntu:
  Fix Released
Status in linux-manta package in Ubuntu:
  Fix Released
Status in linux-flo source package in Vivid:
  Fix Committed
Status in linux-goldfish source package in Vivid:
  Fix Committed
Status in linux-mako source package in Vivid:
  Fix Committed
Status in linux-manta source package in Vivid:
  Fix Committed

Bug description:
  The auditd daemon is not part of the default phone images. At the
  kernel level, the audit_enabled variable remains 0 until an auditd
  daemon registers itself. There is a bug in old kernels that causes
  AUDIT_USER_AVC messages to be ignored when audit_enabled is 0. I fixed
  the bug several years ago and marked the patch for the stable tree but
  the phone kernels (mako, at least) did not pull in the patch. The
  upstream commit id is:

    0868a5e150bc4c47e7a003367cd755811eb41e0b

  What this means for our phone images is that any denial messages from
  the system D-Bus daemon are dropped instead of being properly routed
  to the syslog. This results in headaches for debugging app confinement
  denials.

  == Verification Steps ==

  # Load an AppArmor profile for testing
  $ echo profile test { file, signal, unix, } | sudo apparmor_parser -rq

  # Verify that we can talk to the system bus
  $ dbus-send --print-reply --system --dest=org.freedesktop.DBus 
/org/freedesktop/DBus org.freedesktop.DBus.ListNames
  method return sender=org.freedesktop.DBus - dest=:1.90 reply_serial=2
     array [
    string org.freedesktop.DBus
     ...

  # Clear the dmesg buffer
  $ sudo dmesg -C

  # Attempt to talk to the system bus under confinement
  $ aa-exec -p test -- dbus-send --print-reply --system 
--dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.ListNames
  Failed to open connection to system message bus: An AppArmor policy 
prevents this sender from sending this message to this recipient; 
type=method_call, sender=(null) (inactive) interface=org.freedesktop.DBus 
member=Hello error name=(unset) requested_reply=0 
destination=org.freedesktop.DBus (bus)

  # We should now see an AppArmor denial in the dmesg output.
  # Successful fix verification *must* show the denial from the D-Bus daemon.
  $ sudo dmesg | grep DENIED
  [  187.737219] type=1107 audit(1438385684.065:149): pid=826 uid=102 
auid=4294967295 ses=4294967295 msg='apparmor=DENIED 
operation=dbus_method_call  bus=system path=/org/freedesktop/DBus 
interface=org.freedesktop.DBus member=Hello mask=send 
name=org.freedesktop.DBus pid=6721 label=test peer_label=unconfined

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-flo/+bug/1473584/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1473584] Re: AUDIT_USER_AVC messages are not printk'ed when auditd is not running

2015-07-31 Thread Tyler Hicks

Verified on a mako device.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-manta in Ubuntu.
https://bugs.launchpad.net/bugs/1473584

Title:
  AUDIT_USER_AVC messages are not printk'ed when auditd is not running

Status in linux-flo package in Ubuntu:
  Fix Released
Status in linux-goldfish package in Ubuntu:
  Fix Released
Status in linux-mako package in Ubuntu:
  Fix Released
Status in linux-manta package in Ubuntu:
  Fix Released
Status in linux-flo source package in Vivid:
  Fix Committed
Status in linux-goldfish source package in Vivid:
  Fix Committed
Status in linux-mako source package in Vivid:
  Fix Committed
Status in linux-manta source package in Vivid:
  Fix Committed

Bug description:
  The auditd daemon is not part of the default phone images. At the
  kernel level, the audit_enabled variable remains 0 until an auditd
  daemon registers itself. There is a bug in old kernels that causes
  AUDIT_USER_AVC messages to be ignored when audit_enabled is 0. I fixed
  the bug several years ago and marked the patch for the stable tree but
  the phone kernels (mako, at least) did not pull in the patch. The
  upstream commit id is:

    0868a5e150bc4c47e7a003367cd755811eb41e0b

  What this means for our phone images is that any denial messages from
  the system D-Bus daemon are dropped instead of being properly routed
  to the syslog. This results in headaches for debugging app confinement
  denials.

  == Verification Steps ==

  # Load an AppArmor profile for testing
  $ echo profile test { file, signal, unix, } | sudo apparmor_parser -rq

  # Verify that we can talk to the system bus
  $ dbus-send --print-reply --system --dest=org.freedesktop.DBus 
/org/freedesktop/DBus org.freedesktop.DBus.ListNames
  method return sender=org.freedesktop.DBus - dest=:1.90 reply_serial=2
     array [
    string org.freedesktop.DBus
     ...

  # Clear the dmesg buffer
  $ sudo dmesg -C

  # Attempt to talk to the system bus under confinement
  $ aa-exec -p test -- dbus-send --print-reply --system 
--dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.ListNames
  Failed to open connection to system message bus: An AppArmor policy 
prevents this sender from sending this message to this recipient; 
type=method_call, sender=(null) (inactive) interface=org.freedesktop.DBus 
member=Hello error name=(unset) requested_reply=0 
destination=org.freedesktop.DBus (bus)

  # We should now see an AppArmor denial in the dmesg output.
  # Successful fix verification *must* show the denial from the D-Bus daemon.
  $ sudo dmesg | grep DENIED
  [  187.737219] type=1107 audit(1438385684.065:149): pid=826 uid=102 
auid=4294967295 ses=4294967295 msg='apparmor=DENIED 
operation=dbus_method_call  bus=system path=/org/freedesktop/DBus 
interface=org.freedesktop.DBus member=Hello mask=send 
name=org.freedesktop.DBus pid=6721 label=test peer_label=unconfined

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-flo/+bug/1473584/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1473584] Re: AUDIT_USER_AVC messages are not printk'ed when auditd is not running

2015-07-31 Thread Tyler Hicks

** Description changed:

  The auditd daemon is not part of the default phone images. At the kernel
  level, the audit_enabled variable remains 0 until an auditd daemon
  registers itself. There is a bug in old kernels that causes
  AUDIT_USER_AVC messages to be ignored when audit_enabled is 0. I fixed
  the bug several years ago and marked the patch for the stable tree but
  the phone kernels (mako, at least) did not pull in the patch. The
  upstream commit id is:
  
-   0868a5e150bc4c47e7a003367cd755811eb41e0b
+   0868a5e150bc4c47e7a003367cd755811eb41e0b
  
  What this means for our phone images is that any denial messages from
  the system D-Bus daemon are dropped instead of being properly routed to
  the syslog. This results in headaches for debugging app confinement
  denials.
+ 
+ == Verification Steps ==
+ 
+ # Load an AppArmor profile for testing
+ $ echo profile test { file, signal, unix, } | sudo apparmor_parser -rq
+ # Verify that we can talk to the system bus
+ $ dbus-send --print-reply --system --dest=org.freedesktop.DBus 
/org/freedesktop/DBus org.freedesktop.DBus.ListNames
+ method return sender=org.freedesktop.DBus - dest=:1.90 reply_serial=2
+array [
+   string org.freedesktop.DBus
+...
+ # Clear the dmesg buffer
+ $ sudo dmesg -C
+ # Attempt to talk to the system bus under confinement
+ $ aa-exec -p test -- dbus-send --print-reply --system 
--dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.ListNames
+ Failed to open connection to system message bus: An AppArmor policy 
prevents this sender from sending this message to this recipient; 
type=method_call, sender=(null) (inactive) interface=org.freedesktop.DBus 
member=Hello error name=(unset) requested_reply=0 
destination=org.freedesktop.DBus (bus)
+ # We should now see an AppArmor denial in the dmesg output.
+ # Successful fix verification *must* show the denial from the D-Bus daemon.
+ $ sudo dmesg | grep DENIED

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-manta in Ubuntu.
https://bugs.launchpad.net/bugs/1473584

Title:
  AUDIT_USER_AVC messages are not printk'ed when auditd is not running

Status in linux-flo package in Ubuntu:
  Fix Released
Status in linux-goldfish package in Ubuntu:
  Fix Released
Status in linux-mako package in Ubuntu:
  Fix Released
Status in linux-manta package in Ubuntu:
  Fix Released
Status in linux-flo source package in Vivid:
  Fix Committed
Status in linux-goldfish source package in Vivid:
  Fix Committed
Status in linux-mako source package in Vivid:
  Fix Committed
Status in linux-manta source package in Vivid:
  Fix Committed

Bug description:
  The auditd daemon is not part of the default phone images. At the
  kernel level, the audit_enabled variable remains 0 until an auditd
  daemon registers itself. There is a bug in old kernels that causes
  AUDIT_USER_AVC messages to be ignored when audit_enabled is 0. I fixed
  the bug several years ago and marked the patch for the stable tree but
  the phone kernels (mako, at least) did not pull in the patch. The
  upstream commit id is:

    0868a5e150bc4c47e7a003367cd755811eb41e0b

  What this means for our phone images is that any denial messages from
  the system D-Bus daemon are dropped instead of being properly routed
  to the syslog. This results in headaches for debugging app confinement
  denials.

  == Verification Steps ==

  # Load an AppArmor profile for testing
  $ echo profile test { file, signal, unix, } | sudo apparmor_parser -rq

  # Verify that we can talk to the system bus
  $ dbus-send --print-reply --system --dest=org.freedesktop.DBus 
/org/freedesktop/DBus org.freedesktop.DBus.ListNames
  method return sender=org.freedesktop.DBus - dest=:1.90 reply_serial=2
     array [
    string org.freedesktop.DBus
     ...

  # Clear the dmesg buffer
  $ sudo dmesg -C

  # Attempt to talk to the system bus under confinement
  $ aa-exec -p test -- dbus-send --print-reply --system 
--dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.ListNames
  Failed to open connection to system message bus: An AppArmor policy 
prevents this sender from sending this message to this recipient; 
type=method_call, sender=(null) (inactive) interface=org.freedesktop.DBus 
member=Hello error name=(unset) requested_reply=0 
destination=org.freedesktop.DBus (bus)

  # We should now see an AppArmor denial in the dmesg output.
  # Successful fix verification *must* show the denial from the D-Bus daemon.
  $ sudo dmesg | grep DENIED
  [  187.737219] type=1107 audit(1438385684.065:149): pid=826 uid=102 
auid=4294967295 ses=4294967295 msg='apparmor=DENIED 
operation=dbus_method_call  bus=system path=/org/freedesktop/DBus 
interface=org.freedesktop.DBus member=Hello mask=send 
name=org.freedesktop.DBus pid=6721 label=test peer_label=unconfined

To manage notifications about this bug go to:

[Kernel-packages] [Bug 1473584] Re: AUDIT_USER_AVC messages are not printk'ed when auditd is not running

2015-07-31 Thread Tyler Hicks

** Description changed:

  The auditd daemon is not part of the default phone images. At the kernel
  level, the audit_enabled variable remains 0 until an auditd daemon
  registers itself. There is a bug in old kernels that causes
  AUDIT_USER_AVC messages to be ignored when audit_enabled is 0. I fixed
  the bug several years ago and marked the patch for the stable tree but
  the phone kernels (mako, at least) did not pull in the patch. The
  upstream commit id is:
  
    0868a5e150bc4c47e7a003367cd755811eb41e0b
  
  What this means for our phone images is that any denial messages from
  the system D-Bus daemon are dropped instead of being properly routed to
  the syslog. This results in headaches for debugging app confinement
  denials.
  
  == Verification Steps ==
  
  # Load an AppArmor profile for testing
  $ echo profile test { file, signal, unix, } | sudo apparmor_parser -rq
+ 
  # Verify that we can talk to the system bus
  $ dbus-send --print-reply --system --dest=org.freedesktop.DBus 
/org/freedesktop/DBus org.freedesktop.DBus.ListNames
  method return sender=org.freedesktop.DBus - dest=:1.90 reply_serial=2
-array [
-   string org.freedesktop.DBus
-...
+    array [
+   string org.freedesktop.DBus
+    ...
+ 
  # Clear the dmesg buffer
  $ sudo dmesg -C
+ 
  # Attempt to talk to the system bus under confinement
  $ aa-exec -p test -- dbus-send --print-reply --system 
--dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.ListNames
  Failed to open connection to system message bus: An AppArmor policy 
prevents this sender from sending this message to this recipient; 
type=method_call, sender=(null) (inactive) interface=org.freedesktop.DBus 
member=Hello error name=(unset) requested_reply=0 
destination=org.freedesktop.DBus (bus)
+ 
  # We should now see an AppArmor denial in the dmesg output.
  # Successful fix verification *must* show the denial from the D-Bus daemon.
  $ sudo dmesg | grep DENIED
+ [  187.737219] type=1107 audit(1438385684.065:149): pid=826 uid=102 
auid=4294967295 ses=4294967295 msg='apparmor=DENIED 
operation=dbus_method_call  bus=system path=/org/freedesktop/DBus 
interface=org.freedesktop.DBus member=Hello mask=send 
name=org.freedesktop.DBus pid=6721 label=test peer_label=unconfined

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-manta in Ubuntu.
https://bugs.launchpad.net/bugs/1473584

Title:
  AUDIT_USER_AVC messages are not printk'ed when auditd is not running

Status in linux-flo package in Ubuntu:
  Fix Released
Status in linux-goldfish package in Ubuntu:
  Fix Released
Status in linux-mako package in Ubuntu:
  Fix Released
Status in linux-manta package in Ubuntu:
  Fix Released
Status in linux-flo source package in Vivid:
  Fix Committed
Status in linux-goldfish source package in Vivid:
  Fix Committed
Status in linux-mako source package in Vivid:
  Fix Committed
Status in linux-manta source package in Vivid:
  Fix Committed

Bug description:
  The auditd daemon is not part of the default phone images. At the
  kernel level, the audit_enabled variable remains 0 until an auditd
  daemon registers itself. There is a bug in old kernels that causes
  AUDIT_USER_AVC messages to be ignored when audit_enabled is 0. I fixed
  the bug several years ago and marked the patch for the stable tree but
  the phone kernels (mako, at least) did not pull in the patch. The
  upstream commit id is:

    0868a5e150bc4c47e7a003367cd755811eb41e0b

  What this means for our phone images is that any denial messages from
  the system D-Bus daemon are dropped instead of being properly routed
  to the syslog. This results in headaches for debugging app confinement
  denials.

  == Verification Steps ==

  # Load an AppArmor profile for testing
  $ echo profile test { file, signal, unix, } | sudo apparmor_parser -rq

  # Verify that we can talk to the system bus
  $ dbus-send --print-reply --system --dest=org.freedesktop.DBus 
/org/freedesktop/DBus org.freedesktop.DBus.ListNames
  method return sender=org.freedesktop.DBus - dest=:1.90 reply_serial=2
     array [
    string org.freedesktop.DBus
     ...

  # Clear the dmesg buffer
  $ sudo dmesg -C

  # Attempt to talk to the system bus under confinement
  $ aa-exec -p test -- dbus-send --print-reply --system 
--dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.ListNames
  Failed to open connection to system message bus: An AppArmor policy 
prevents this sender from sending this message to this recipient; 
type=method_call, sender=(null) (inactive) interface=org.freedesktop.DBus 
member=Hello error name=(unset) requested_reply=0 
destination=org.freedesktop.DBus (bus)

  # We should now see an AppArmor denial in the dmesg output.
  # Successful fix verification *must* show the denial from the D-Bus daemon.
  $ sudo dmesg | grep DENIED
  [  187.737219] type=1107 audit(1438385684.065:149): pid=826 uid=102 
auid=4294967295

[Kernel-packages] [Bug 1473584] Re: AUDIT_USER_AVC messages are not printk'ed when auditd is not running

2015-07-14 Thread Launchpad Bug Tracker

This bug was fixed in the package linux-manta - 3.4.0-7.32

---
linux-manta (3.4.0-7.32) wily; urgency=low

  [ Upstream Kernel Changes ]

  * audit: printk USER_AVC messages when audit isn't enabled
- LP: #1473584

 -- Tim Gardner tim.gard...@canonical.com  Mon, 13 Jul 2015 14:49:51
-0700

** Changed in: linux-manta (Ubuntu)
   Status: In Progress = Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-mako in Ubuntu.
https://bugs.launchpad.net/bugs/1473584

Title:
  AUDIT_USER_AVC messages are not printk'ed when auditd is not running

Status in linux-flo package in Ubuntu:
  Fix Released
Status in linux-mako package in Ubuntu:
  Fix Released
Status in linux-manta package in Ubuntu:
  Fix Released

Bug description:
  The auditd daemon is not part of the default phone images. At the
  kernel level, the audit_enabled variable remains 0 until an auditd
  daemon registers itself. There is a bug in old kernels that causes
  AUDIT_USER_AVC messages to be ignored when audit_enabled is 0. I fixed
  the bug several years ago and marked the patch for the stable tree but
  the phone kernels (mako, at least) did not pull in the patch. The
  upstream commit id is:

0868a5e150bc4c47e7a003367cd755811eb41e0b

  What this means for our phone images is that any denial messages from
  the system D-Bus daemon are dropped instead of being properly routed
  to the syslog. This results in headaches for debugging app confinement
  denials.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-flo/+bug/1473584/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1473584] Re: AUDIT_USER_AVC messages are not printk'ed when auditd is not running

2015-07-14 Thread Launchpad Bug Tracker

This bug was fixed in the package linux-mako - 3.4.0-6.37

---
linux-mako (3.4.0-6.37) wily; urgency=low

  [ Upstream Kernel Changes ]

  * audit: printk USER_AVC messages when audit isn't enabled
- LP: #1473584

 -- Tim Gardner tim.gard...@canonical.com  Mon, 13 Jul 2015 14:53:48
-0700

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-mako in Ubuntu.
https://bugs.launchpad.net/bugs/1473584

Title:
  AUDIT_USER_AVC messages are not printk'ed when auditd is not running

Status in linux-flo package in Ubuntu:
  Fix Released
Status in linux-mako package in Ubuntu:
  Fix Released
Status in linux-manta package in Ubuntu:
  Fix Released

Bug description:
  The auditd daemon is not part of the default phone images. At the
  kernel level, the audit_enabled variable remains 0 until an auditd
  daemon registers itself. There is a bug in old kernels that causes
  AUDIT_USER_AVC messages to be ignored when audit_enabled is 0. I fixed
  the bug several years ago and marked the patch for the stable tree but
  the phone kernels (mako, at least) did not pull in the patch. The
  upstream commit id is:

0868a5e150bc4c47e7a003367cd755811eb41e0b

  What this means for our phone images is that any denial messages from
  the system D-Bus daemon are dropped instead of being properly routed
  to the syslog. This results in headaches for debugging app confinement
  denials.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-flo/+bug/1473584/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1473584] Re: AUDIT_USER_AVC messages are not printk'ed when auditd is not running

2015-07-14 Thread Launchpad Bug Tracker

This bug was fixed in the package linux-flo - 3.4.0-4.18

---
linux-flo (3.4.0-4.18) wily; urgency=low

  [ Upstream Kernel Changes ]

  * audit: printk USER_AVC messages when audit isn't enabled
- LP: #1473584

 -- Tim Gardner tim.gard...@canonical.com  Mon, 13 Jul 2015 14:39:54
-0700

** Changed in: linux-flo (Ubuntu)
   Status: In Progress = Fix Released

** Changed in: linux-mako (Ubuntu)
   Status: In Progress = Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-mako in Ubuntu.
https://bugs.launchpad.net/bugs/1473584

Title:
  AUDIT_USER_AVC messages are not printk'ed when auditd is not running

Status in linux-flo package in Ubuntu:
  Fix Released
Status in linux-mako package in Ubuntu:
  Fix Released
Status in linux-manta package in Ubuntu:
  Fix Released

Bug description:
  The auditd daemon is not part of the default phone images. At the
  kernel level, the audit_enabled variable remains 0 until an auditd
  daemon registers itself. There is a bug in old kernels that causes
  AUDIT_USER_AVC messages to be ignored when audit_enabled is 0. I fixed
  the bug several years ago and marked the patch for the stable tree but
  the phone kernels (mako, at least) did not pull in the patch. The
  upstream commit id is:

0868a5e150bc4c47e7a003367cd755811eb41e0b

  What this means for our phone images is that any denial messages from
  the system D-Bus daemon are dropped instead of being properly routed
  to the syslog. This results in headaches for debugging app confinement
  denials.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-flo/+bug/1473584/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1473584] Re: AUDIT_USER_AVC messages are not printk'ed when auditd is not running

2015-07-14 Thread Adam Conrad

** Also affects: linux-goldfish (Ubuntu)
   Importance: Undecided
   Status: New

** Changed in: linux-goldfish (Ubuntu)
   Status: New = Fix Released

** Also affects: linux-mako (Ubuntu Vivid)
   Importance: Undecided
   Status: New

** Also affects: linux-manta (Ubuntu Vivid)
   Importance: Undecided
   Status: New

** Also affects: linux-goldfish (Ubuntu Vivid)
   Importance: Undecided
   Status: New

** Also affects: linux-flo (Ubuntu Vivid)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-mako in Ubuntu.
https://bugs.launchpad.net/bugs/1473584

Title:
  AUDIT_USER_AVC messages are not printk'ed when auditd is not running

Status in linux-flo package in Ubuntu:
  Fix Released
Status in linux-goldfish package in Ubuntu:
  Fix Released
Status in linux-mako package in Ubuntu:
  Fix Released
Status in linux-manta package in Ubuntu:
  Fix Released
Status in linux-flo source package in Vivid:
  Fix Committed
Status in linux-goldfish source package in Vivid:
  New
Status in linux-mako source package in Vivid:
  New
Status in linux-manta source package in Vivid:
  New

Bug description:
  The auditd daemon is not part of the default phone images. At the
  kernel level, the audit_enabled variable remains 0 until an auditd
  daemon registers itself. There is a bug in old kernels that causes
  AUDIT_USER_AVC messages to be ignored when audit_enabled is 0. I fixed
  the bug several years ago and marked the patch for the stable tree but
  the phone kernels (mako, at least) did not pull in the patch. The
  upstream commit id is:

0868a5e150bc4c47e7a003367cd755811eb41e0b

  What this means for our phone images is that any denial messages from
  the system D-Bus daemon are dropped instead of being properly routed
  to the syslog. This results in headaches for debugging app confinement
  denials.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-flo/+bug/1473584/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1473584] Re: AUDIT_USER_AVC messages are not printk'ed when auditd is not running

2015-07-14 Thread Adam Conrad

The following backports to vivid have been accepted in vivid-proposed,
please verify them:

[ubuntu/vivid-proposed] linux-mako 3.4.0-6.37~15.04.1 (Accepted)
[ubuntu/vivid-proposed] linux-manta 3.4.0-7.32~15.04.1 (Accepted)
[ubuntu/vivid-proposed] linux-flo 3.4.0-4.18~15.04.1 (Accepted)
[ubuntu/vivid-proposed] linux-goldfish 3.4.0-4.24~15.04.1 (Accepted)

** Tags added: verification-needed

** Changed in: linux-flo (Ubuntu Vivid)
   Status: New = Fix Committed

** Changed in: linux-goldfish (Ubuntu Vivid)
   Status: New = Fix Committed

** Changed in: linux-mako (Ubuntu Vivid)
   Status: New = Fix Committed

** Changed in: linux-manta (Ubuntu Vivid)
   Status: New = Fix Committed

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-mako in Ubuntu.
https://bugs.launchpad.net/bugs/1473584

Title:
  AUDIT_USER_AVC messages are not printk'ed when auditd is not running

Status in linux-flo package in Ubuntu:
  Fix Released
Status in linux-goldfish package in Ubuntu:
  Fix Released
Status in linux-mako package in Ubuntu:
  Fix Released
Status in linux-manta package in Ubuntu:
  Fix Released
Status in linux-flo source package in Vivid:
  Fix Committed
Status in linux-goldfish source package in Vivid:
  Fix Committed
Status in linux-mako source package in Vivid:
  Fix Committed
Status in linux-manta source package in Vivid:
  Fix Committed

Bug description:
  The auditd daemon is not part of the default phone images. At the
  kernel level, the audit_enabled variable remains 0 until an auditd
  daemon registers itself. There is a bug in old kernels that causes
  AUDIT_USER_AVC messages to be ignored when audit_enabled is 0. I fixed
  the bug several years ago and marked the patch for the stable tree but
  the phone kernels (mako, at least) did not pull in the patch. The
  upstream commit id is:

0868a5e150bc4c47e7a003367cd755811eb41e0b

  What this means for our phone images is that any denial messages from
  the system D-Bus daemon are dropped instead of being properly routed
  to the syslog. This results in headaches for debugging app confinement
  denials.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-flo/+bug/1473584/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1473584] Re: AUDIT_USER_AVC messages are not printk'ed when auditd is not running

2015-07-10 Thread Tyler Hicks

Sent to the kernel team:

  https://lists.ubuntu.com/archives/kernel-team/2015-July/059707.html

** Also affects: linux-manta (Ubuntu)
   Importance: Undecided
   Status: New

** Also affects: linux-flo (Ubuntu)
   Importance: Undecided
   Status: New

** Changed in: linux-flo (Ubuntu)
   Status: New = In Progress

** Changed in: linux-flo (Ubuntu)
   Importance: Undecided = Medium

** Changed in: linux-manta (Ubuntu)
   Status: New = In Progress

** Changed in: linux-manta (Ubuntu)
   Importance: Undecided = Medium

** Changed in: linux-manta (Ubuntu)
 Assignee: (unassigned) = Tyler Hicks (tyhicks)

** Changed in: linux-flo (Ubuntu)
 Assignee: (unassigned) = Tyler Hicks (tyhicks)

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-mako in Ubuntu.
https://bugs.launchpad.net/bugs/1473584

Title:
  AUDIT_USER_AVC messages are not printk'ed when auditd is not running

Status in linux-flo package in Ubuntu:
  In Progress
Status in linux-mako package in Ubuntu:
  In Progress
Status in linux-manta package in Ubuntu:
  In Progress

Bug description:
  The auditd daemon is not part of the default phone images. At the
  kernel level, the audit_enabled variable remains 0 until an auditd
  daemon registers itself. There is a bug in old kernels that causes
  AUDIT_USER_AVC messages to be ignored when audit_enabled is 0. I fixed
  the bug several years ago and marked the patch for the stable tree but
  the phone kernels (mako, at least) did not pull in the patch. The
  upstream commit id is:

0868a5e150bc4c47e7a003367cd755811eb41e0b

  What this means for our phone images is that any denial messages from
  the system D-Bus daemon are dropped instead of being properly routed
  to the syslog. This results in headaches for debugging app confinement
  denials.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-flo/+bug/1473584/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1473584] Re: AUDIT_USER_AVC messages are not printk'ed when auditd is not running

[Kernel-packages] [Bug 1473584] Re: AUDIT_USER_AVC messages are not printk'ed when auditd is not running

[Kernel-packages] [Bug 1473584] Re: AUDIT_USER_AVC messages are not printk'ed when auditd is not running

[Kernel-packages] [Bug 1473584] Re: AUDIT_USER_AVC messages are not printk'ed when auditd is not running

[Kernel-packages] [Bug 1473584] Re: AUDIT_USER_AVC messages are not printk'ed when auditd is not running

[Kernel-packages] [Bug 1473584] Re: AUDIT_USER_AVC messages are not printk'ed when auditd is not running

[Kernel-packages] [Bug 1473584] Re: AUDIT_USER_AVC messages are not printk'ed when auditd is not running

[Kernel-packages] [Bug 1473584] Re: AUDIT_USER_AVC messages are not printk'ed when auditd is not running

[Kernel-packages] [Bug 1473584] Re: AUDIT_USER_AVC messages are not printk'ed when auditd is not running

[Kernel-packages] [Bug 1473584] Re: AUDIT_USER_AVC messages are not printk'ed when auditd is not running

[Kernel-packages] [Bug 1473584] Re: AUDIT_USER_AVC messages are not printk'ed when auditd is not running

[Kernel-packages] [Bug 1473584] Re: AUDIT_USER_AVC messages are not printk'ed when auditd is not running

[Kernel-packages] [Bug 1473584] Re: AUDIT_USER_AVC messages are not printk'ed when auditd is not running

[Kernel-packages] [Bug 1473584] Re: AUDIT_USER_AVC messages are not printk'ed when auditd is not running

14 matches

Site Navigation

Mail list logo

Footer information