Public bug reported:
With apparmor set to enforce tcpdump policy, tcpdump won't work as
according to the manpages:
>From the manpages:
"""
-z Used in conjunction with the -C or -G options, this will make tcpdump
run " command file " where file is the savefile being closed after each
rotation. For example, specifying -z gzip or -z bzip2 will compress each
savefile using gzip or bzip2.
Note that tcpdump will run the command in parallel to the capture, using the
lowest priority so that this doesn't disturb the capture process.
"""
Example command:
/usr/sbin/tcpdump -i eth0 -n -W 1 -G 1 -z gzip -w %m-%d-%y-%H:%S.pcap
Log:
Sep 7 13:40:01 some-machine kernel: [451148.079904] type=1400
audit(1315420801.653:51): apparmor="DENIED" operation="mknod" parent=16389
profile="/usr/sbin/tcpdump" name="/path/09-07-11-12:00.pcap.gz" pid=21549
comm="gzip" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
** Affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/844212
Title:
tcpdump can't gzip files
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/844212/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
