*** This bug is a duplicate of bug 1872564 ***
https://bugs.launchpad.net/bugs/1872564
** Changed in: apparmor (Ubuntu)
Status: New => Confirmed
** This bug has been marked a duplicate of bug 1872564
/proc/sys/kernel/random/boot_id rule missing from abstractions/nameservice
https://bugs.launchpad.net/bugs/1878175
Title:
Abstraction needs access to @{PROC}/sys/kernel/random/boot_id
Status in apparmor package in Ubuntu:
Confirmed
Bug description:
This concerns apparmor 2.13.3-7ubuntu5 in Ubuntu focal.
I have AppArmor actively enforcing policy on my system. In
/var/log/syslog, I see a number of the following two sorts of
messages:
May 12 04:44:21 image-ubuntu64 kernel: [ 26.667094] audit: type=1400 audit(1589273061.296:63): apparmor="DENIED" operation="open" profile="nscd" name="/proc/sys/kernel/random/boot_id" pid=655 comm="nscd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 12 04:44:26 image-ubuntu64 kernel: [ 32.107018] audit: type=1400 audit(1589273066.730:99): apparmor="DENIED" operation="open" profile="/usr/sbin/nslcd" name="/proc/sys/kernel/random/boot_id" pid=1004 comm="nslcd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
The following line is needed in an abstraction somewhere:
@{PROC}/sys/kernel/random/boot_id r,
I've added it locally to /etc/apparmor.d/abstractions/nameservice, and
that took care of the above errors for me. AppArmor upstream has added
it to abstractions/nss-systemd, but this file does not exist in
Ubuntu's apparmor package.
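
Added example, not part of the original bug report or of the apparmor package: a small Python triage script that parses AppArmor DENIED audit records like the two quoted above, renders each as a candidate file rule, and flags rules denied under more than one profile as candidates for a shared abstraction. The function names are hypothetical, and the sample input is the report's two log records joined to one record per line.

```python
import re
from collections import defaultdict

# Sample input: the two denials from the report, one audit record per line.
SAMPLE_LOG = """\
May 12 04:44:21 image-ubuntu64 kernel: [ 26.667094] audit: type=1400 audit(1589273061.296:63): apparmor="DENIED" operation="open" profile="nscd" name="/proc/sys/kernel/random/boot_id" pid=655 comm="nscd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 12 04:44:26 image-ubuntu64 kernel: [ 32.107018] audit: type=1400 audit(1589273066.730:99): apparmor="DENIED" operation="open" profile="/usr/sbin/nslcd" name="/proc/sys/kernel/random/boot_id" pid=1004 comm="nslcd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
"""

# key="quoted value" or key=bare_value pairs in an audit record
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_denials(log_text):
    """Yield (profile, path, mask) for each AppArmor file denial."""
    for line in log_text.splitlines():
        if 'apparmor="DENIED"' not in line:
            continue
        fields = {k: quoted or bare for k, quoted, bare in FIELD.findall(line)}
        # Non-file denials (e.g. capability) carry no name/denied_mask: skip them.
        if all(k in fields for k in ("profile", "name", "denied_mask")):
            yield fields["profile"], fields["name"], fields["denied_mask"]

def to_rule(path, mask):
    """Render a file rule, writing /proc paths with the @{PROC} variable."""
    if path.startswith("/proc/"):
        path = "@{PROC}/" + path[len("/proc/"):]
    return f"{path} {mask},"

def suggest(log_text):
    """Return (rules per profile, rules denied under more than one profile)."""
    per_profile = defaultdict(set)
    for profile, path, mask in parse_denials(log_text):
        per_profile[profile].add(to_rule(path, mask))
    profiles_by_rule = defaultdict(set)
    for profile, rules in per_profile.items():
        for rule in rules:
            profiles_by_rule[rule].add(profile)
    shared = sorted(r for r, p in profiles_by_rule.items() if len(p) > 1)
    return dict(per_profile), shared

if __name__ == "__main__":
    per_profile, shared = suggest(SAMPLE_LOG)
    for profile, rules in sorted(per_profile.items()):
        print(f"profile {profile}: {sorted(rules)}")
    print("candidates for a shared abstraction:", shared)
```

Review each suggested rule before adding it to a profile or abstraction: a denial shows what a program attempted, not what it should be permitted to do.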