Ultimately this is a kernel issue and the limitations it puts on
apparmor for tracking files with disconnected paths. There isn't
anything that the apparmor package or abstractions can do to help with
this, but people can update their profiles to use
flags=(attach_disconnected), as mentioned. For
Today, people experiencing this error need to use
flags=(attach_disconnected) in the profile. Eg:
/path/to/thing flags=(attach_disconnected) {
...
}
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
17.10 here, same error with mariadb-server:
Nov 07 10:08:20 pc770 audit[23211]: AVC apparmor="DENIED" operation="sendmsg"
info="Failed name lookup - disconnected path" error=-13
profile="/usr/sbin/mysqld" name="run/systemd/notify" pid=23211 comm="mysqld"
requested_mask="w" denied_mask="w"
16.04.1 here, same error.
Oct 30 00:33:19 tesla kernel: [603564.289033] audit: type=1400
audit(1477780399.072:143419): apparmor="DENIED" operation="sendmsg"
info="Failed name lookup - disconnected path" error=-13 profile="/usr/lib
/dovecot/log" name="run/systemd/journal/dev-log" pid=26591
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: apparmor (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
This is still happening with 2.10 on wily:
Jan 14 11:52:10 odroid-server2 kernel: [ 407.359113] type=1400
audit(1452772330.854:2980): apparmor="ALLOWED" operation="mount" info="failed
type match" error=-13 parent=1 profile="/usr/bin/docker"
The fix *) for this is in upstream AppArmor 2.10 and will also be in
2.9.3.
*) fix means ignoring those log entries to avoid the crash. Ideally aa-
logprof should propose adding the attach_disconnected flag. See also
https://bugzilla.opensuse.org/show_bug.cgi?id=918787
Note: You'll need to add
7 matches
Mail list logo
