*** This bug is a security vulnerability *** Public security bug reported:
Binary package hint: dnsmasq When I startup my virt system the dnsmasq process is not enforced. I set this profile to enforce so it should be enforced. As I understood it, apparmor should start before this process starts. mich...@pessum:~$ sudo aa-status [sudo] password for michael: apparmor module is loaded. 30 profiles are loaded. 30 profiles are in enforce mode. /bin/ping /sbin/dhclient3 /sbin/klogd /sbin/syslog-ng /sbin/syslogd /usr/lib/NetworkManager/nm-dhcp-client.action /usr/lib/connman/scripts/dhclient-script /usr/lib/dovecot/deliver /usr/lib/dovecot/dovecot-auth /usr/lib/dovecot/imap /usr/lib/dovecot/imap-login /usr/lib/dovecot/managesieve-login /usr/lib/dovecot/pop3 /usr/lib/dovecot/pop3-login /usr/lib/libvirt/virt-aa-helper /usr/sbin/avahi-daemon /usr/sbin/dnsmasq /usr/sbin/dovecot /usr/sbin/identd /usr/sbin/libvirtd /usr/sbin/mdnsd /usr/sbin/nmbd /usr/sbin/nscd /usr/sbin/smbd /usr/sbin/tcpdump /usr/sbin/traceroute libvirt-5452d978-4734-915d-9de5-50b47505f09b libvirt-7589ba32-d907-452f-d41b-7e2acf2a9de4 libvirt-cbd67573-7a5f-3715-5487-904767e29fd7 libvirt-d0243b43-ada9-9a84-6ad3-762c29af15b9 0 profiles are in complain mode. 6 processes have profiles defined. 5 processes are in enforce mode : /usr/sbin/libvirtd (1446) libvirt-5452d978-4734-915d-9de5-50b47505f09b (1717) libvirt-7589ba32-d907-452f-d41b-7e2acf2a9de4 (1616) libvirt-cbd67573-7a5f-3715-5487-904767e29fd7 (1653) libvirt-d0243b43-ada9-9a84-6ad3-762c29af15b9 (1641) 0 processes are in complain mode. 1 processes are unconfined but have a profile defined. /usr/sbin/dnsmasq (1543) r...@pessum:~# kill 1543 r...@pessum:~# dnsmasq r...@pessum:~# aa-status apparmor module is loaded. 30 profiles are loaded. 30 profiles are in enforce mode. /bin/ping /sbin/dhclient3 /sbin/klogd /sbin/syslog-ng /sbin/syslogd /usr/lib/NetworkManager/nm-dhcp-client.action /usr/lib/connman/scripts/dhclient-script /usr/lib/dovecot/deliver /usr/lib/dovecot/dovecot-auth /usr/lib/dovecot/imap /usr/lib/dovecot/imap-login /usr/lib/dovecot/managesieve-login /usr/lib/dovecot/pop3 /usr/lib/dovecot/pop3-login /usr/lib/libvirt/virt-aa-helper /usr/sbin/avahi-daemon /usr/sbin/dnsmasq /usr/sbin/dovecot /usr/sbin/identd /usr/sbin/libvirtd /usr/sbin/mdnsd /usr/sbin/nmbd /usr/sbin/nscd /usr/sbin/smbd /usr/sbin/tcpdump /usr/sbin/traceroute libvirt-5452d978-4734-915d-9de5-50b47505f09b libvirt-7589ba32-d907-452f-d41b-7e2acf2a9de4 libvirt-cbd67573-7a5f-3715-5487-904767e29fd7 libvirt-d0243b43-ada9-9a84-6ad3-762c29af15b9 0 profiles are in complain mode. 6 processes have profiles defined. 6 processes are in enforce mode : /usr/sbin/dnsmasq (1809) /usr/sbin/libvirtd (1446) libvirt-5452d978-4734-915d-9de5-50b47505f09b (1717) libvirt-7589ba32-d907-452f-d41b-7e2acf2a9de4 (1616) libvirt-cbd67573-7a5f-3715-5487-904767e29fd7 (1653) libvirt-d0243b43-ada9-9a84-6ad3-762c29af15b9 (1641) 0 processes are in complain mode. 0 processes are unconfined but have a profile defined. ProblemType: Bug DistroRelease: Ubuntu 10.04 Package: dnsmasq (not installed) ProcVersionSignature: Ubuntu 2.6.32-21.32-server 2.6.32.11+drm33.2 Uname: Linux 2.6.32-21-server x86_64 NonfreeKernelModules: ksplice_e4o4fyfg_vmlinux_new ksplice_e4o4fyfg Architecture: amd64 Date: Sat May 1 16:56:35 2010 InstallationMedia: Ubuntu-Server 10.04 "Lucid Lynx" - Alpha amd64 (20100404) ProcEnviron: PATH=(custom, no user) LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: dnsmasq ** Affects: dnsmasq (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug lucid ** Visibility changed to: Public -- dnsmasq not enforced by apparmor on boot https://bugs.launchpad.net/bugs/573315 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dnsmasq in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs