Public bug reported:
I have created an AppArmor profile for SSH.
The profile is created successfully but each time I run aa-logprof it gives
PermissionError: [Errno 13]
An example of the error:
<pre>Traceback (most recent call last):
File "/usr/sbin/aa-enforce", line 35, in <module>
tool.cmd_enforce()
File "/usr/lib/python3/dist-packages/apparmor/tools.py", line 150, in
cmd_enforce
apparmor.set_enforce(profile, program)
File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 293, in set_enforce
change_profile_flags(filename, program, 'complain', False)
File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 704, in
change_profile_flags
set_profile_flags(filename, program, newflags)
File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 753, in
set_profile_flags
os.rename(temp_file.name, prof_filename)
PermissionError: [Errno 13] Permission denied:
'/etc/apparmor.d/usr.sbin.tcpdumpwvx1h0xl~' ->
'/etc/apparmor.d/usr.sbin.tcpdump'
</pre>
Please consider reporting a bug at https://bugs.launchpad.net/apparmor/
and attach this file.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Traceback (most recent call last):
File "/usr/sbin/aa-logprof", line 50, in <module>
apparmor.do_logprof_pass(logmark)
File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 1824, in
do_logprof_pass
save_profiles()
File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 1921, in
save_profiles
write_profile_ui_feedback(profile_name)
File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 3404, in
write_profile_ui_feedback
write_profile(profile)
File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 3413, in
write_profile
newprof = tempfile.NamedTemporaryFile('w', suffix='~', delete=False,
dir=profile_dir)
File "/usr/lib/python3.5/tempfile.py", line 688, in NamedTemporaryFile
(fd, name) = _mkstemp_inner(dir, prefix, suffix, flags, output_type)
File "/usr/lib/python3.5/tempfile.py", line 399, in _mkstemp_inner
fd = _os.open(file, flags, 0o600)
PermissionError: [Errno 13] Permission denied: '/etc/apparmor.d/tmpujtge2jq~'
An unexpected error occurred!
For details, see /tmp/apparmor-bug report-5qnjyx3t.txt
Please consider reporting a bug at https://bugs.launchpad.net/apparmor/
and attach this file.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
root@protegrity-framework314:/var/www# aa-complain /etc/apparmor.d/*
Profile for /etc/apparmor.d/abstractions not found, skipping
Profile for /etc/apparmor.d/apache2.d not found, skipping
Setting /etc/apparmor.d/bin.ping to complain mode.
Profile for /etc/apparmor.d/cache not found, skipping
Profile for /etc/apparmor.d/disable not found, skipping
Setting /etc/apparmor.d/etc.opt.Cluster.cluster_config.status.xml to complain
mode.
Setting /etc/apparmor.d/etc.opt.Cluster.cluster_config.xml to complain mode.
Traceback (most recent call last):
File "/usr/sbin/aa-complain", line 35, in <module>
tool.cmd_complain()
File "/usr/lib/python3/dist-packages/apparmor/tools.py", line 165, in
cmd_complain
apparmor.set_complain(profile, program)
File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 286, in
set_complain
change_profile_flags(filename, program, 'complain', True)
File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 704, in
change_profile_flags
set_profile_flags(filename, program, newflags)
File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 720, in
set_profile_flags
temp_file = tempfile.NamedTemporaryFile('w', prefix=prof_filename,
suffix='~', delete=False, dir=profile_dir)
File "/usr/lib/python3.5/tempfile.py", line 688, in NamedTemporaryFile
(fd, name) = _mkstemp_inner(dir, prefix, suffix, flags, output_type)
File "/usr/lib/python3.5/tempfile.py", line 399, in _mkstemp_inner
fd = _os.open(file, flags, 0o600)
PermissionError: [Errno 13] Permission denied:
'/etc/apparmor.d/etc.opt.Cluster.cluster_config.xml7m7t4rvb~'
An unexpected error occurred!
For details, see /tmp/apparmor-bugreport-oe_mo879.txt
Please consider reporting a bug at https://bugs.launchpad.net/apparmor/
and attach this file.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Secondly, once I accept this denial, AppArmor repeatedly gives similar
denials for almost every profile.
I am using a security product and running it on Debian 9.
root@protegrity:/var/www# cat /etc/debian_version
9.9
I expect that these denials should not occur repeatedly.
Please do check.
** Affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1865450
Title:
PermissionError for AppArmor Profiles i.e., SSH
Status in apparmor package in Ubuntu:
New
Bug description:
I have created an AppArmor profile for SSH.
The profile is created successfully but each time I run aa-logprof it gives
PermissionError: [Errno 13]
An example of the error:
<pre>Traceback (most recent call last):
File "/usr/sbin/aa-enforce", line 35, in <module>
tool.cmd_enforce()
File "/usr/lib/python3/dist-packages/apparmor/tools.py", line 150, in
cmd_enforce
apparmor.set_enforce(profile, program)
File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 293, in
set_enforce
change_profile_flags(filename, program, 'complain', False)
File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 704, in
change_profile_flags
set_profile_flags(filename, program, newflags)
File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 753, in
set_profile_flags
os.rename(temp_file.name, prof_filename)
PermissionError: [Errno 13] Permission denied:
'/etc/apparmor.d/usr.sbin.tcpdumpwvx1h0xl~' ->
'/etc/apparmor.d/usr.sbin.tcpdump'
</pre>
Please consider reporting a bug at https://bugs.launchpad.net/apparmor/
and attach this file.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Traceback (most recent call last):
File "/usr/sbin/aa-logprof", line 50, in <module>
apparmor.do_logprof_pass(logmark)
File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 1824, in
do_logprof_pass
save_profiles()
File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 1921, in
save_profiles
write_profile_ui_feedback(profile_name)
File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 3404, in
write_profile_ui_feedback
write_profile(profile)
File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 3413, in
write_profile
newprof = tempfile.NamedTemporaryFile('w', suffix='~', delete=False,
dir=profile_dir)
File "/usr/lib/python3.5/tempfile.py", line 688, in NamedTemporaryFile
(fd, name) = _mkstemp_inner(dir, prefix, suffix, flags, output_type)
File "/usr/lib/python3.5/tempfile.py", line 399, in _mkstemp_inner
fd = _os.open(file, flags, 0o600)
PermissionError: [Errno 13] Permission denied: '/etc/apparmor.d/tmpujtge2jq~'
An unexpected error occurred!
For details, see /tmp/apparmor-bug report-5qnjyx3t.txt
Please consider reporting a bug at https://bugs.launchpad.net/apparmor/
and attach this file.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
root@protegrity-framework314:/var/www# aa-complain /etc/apparmor.d/*
Profile for /etc/apparmor.d/abstractions not found, skipping
Profile for /etc/apparmor.d/apache2.d not found, skipping
Setting /etc/apparmor.d/bin.ping to complain mode.
Profile for /etc/apparmor.d/cache not found, skipping
Profile for /etc/apparmor.d/disable not found, skipping
Setting /etc/apparmor.d/etc.opt.Cluster.cluster_config.status.xml to complain
mode.
Setting /etc/apparmor.d/etc.opt.Cluster.cluster_config.xml to complain mode.
Traceback (most recent call last):
File "/usr/sbin/aa-complain", line 35, in <module>
tool.cmd_complain()
File "/usr/lib/python3/dist-packages/apparmor/tools.py", line 165, in
cmd_complain
apparmor.set_complain(profile, program)
File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 286, in
set_complain
change_profile_flags(filename, program, 'complain', True)
File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 704, in
change_profile_flags
set_profile_flags(filename, program, newflags)
File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 720, in
set_profile_flags
temp_file = tempfile.NamedTemporaryFile('w', prefix=prof_filename,
suffix='~', delete=False, dir=profile_dir)
File "/usr/lib/python3.5/tempfile.py", line 688, in NamedTemporaryFile
(fd, name) = _mkstemp_inner(dir, prefix, suffix, flags, output_type)
File "/usr/lib/python3.5/tempfile.py", line 399, in _mkstemp_inner
fd = _os.open(file, flags, 0o600)
PermissionError: [Errno 13] Permission denied:
'/etc/apparmor.d/etc.opt.Cluster.cluster_config.xml7m7t4rvb~'
An unexpected error occurred!
For details, see /tmp/apparmor-bugreport-oe_mo879.txt
Please consider reporting a bug at https://bugs.launchpad.net/apparmor/
and attach this file.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Secondly, once I accept this denial, AppArmor repeatedly gives similar
denials for almost every profile.
I am using a security product and running it on Debian 9.
root@protegrity:/var/www# cat /etc/debian_version
9.9
I expect that these denials should not occur repeatedly.
Please do check.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1865450/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
