Before updating the tcpdump AppArmor configuration, log messages appear when
tcpdump is invoked:
$ sudo tcpdump -i eth1
Oct 26 13:07:45 fw-test kernel: [11097.942676] device eth1 entered promiscuous mode
Oct 26 13:07:45 fw-test kernel: [11097.949899] type=1503 audit(1288112865.271:9): operation="open" pid=1991 parent=1969 profile="/usr/sbin/tcpdump" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/etc/ethers"
Oct 26 13:07:57 fw-test kernel: [11109.844162] type=1503 audit(1288112877.167:10): operation="open" pid=1991 parent=1969 profile="/usr/sbin/tcpdump" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/etc/ethers"
Updated the tcpdump AppArmor configuration and those messages do not occur:
$ diff -u usr.sbin.tcpdump.orig /etc/apparmor.d/usr.sbin.tcpdump
--- usr.sbin.tcpdump.orig 2010-10-26 14:52:12.647569659 -0400
+++ /etc/apparmor.d/usr.sbin.tcpdump 2010-10-26 14:53:20.379558668 -0400
@@ -25,6 +25,9 @@
/dev/bus/usb/ r,
/dev/bus/usb/** r,
+ # for -e (etc.)
+ /etc/ethers r,
+
# for -F and -w
audit deny @{HOME}/.* mrwkl,
audit deny @{HOME}/.*/ rw,
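Review bot: the comment "# for -e (etc.)" on the added rule does not match the evidence in this report: the denials logged above came from a plain "tcpdump -i eth1" with no -e given, so the read of /etc/ethers is not tied to that option. Suggest naming the file's purpose instead, for example "# ethers(5) lookups", so a later reader does not drop the rule as option-specific. The rule itself grants read only on a single path, which is as narrow as the logged denial requires.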
$ sudo apparmor_parser -r -T -W /etc/apparmor.d/usr.sbin.tcpdump
$ sudo tcpdump -i eth1
Oct 26 14:56:41 fw-test kernel: [17634.298002] device eth1 entered promiscuous mode
[no additional messages in /var/log/messages]
--
tcpdump 4.0.0-6ubuntu3 denied read access to ethers(5) by apparmor profile
https://bugs.launchpad.net/bugs/660904
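The triage step behind the report above, as an added example that is not part of the original bug comment or of AppArmor's own tooling: it merges repeated type=1503 denials and turns them into candidate profile rules for review. The function names, the /usr/sbin/example profile and the third log record are hypothetical.

```python
import re
from collections import defaultdict
# Constructed sample: two records shaped like the denials quoted in the report,
# hard-wrapped, plus one made-up write denial for a hypothetical profile.
SAMPLE_LOG = '''\
Oct 26 13:07:45 fw-test kernel: [11097.949899] type=1503
audit(1288112865.271:9): operation="open" pid=1991 parent=1969
profile="/usr/sbin/tcpdump" requested_mask="r::" denied_mask="r::" fsuid=0
ouid=0 name="/etc/ethers"
Oct 26 13:07:57 fw-test kernel: [11109.844162] type=1503
audit(1288112877.167:10): operation="open" pid=1991 parent=1969
profile="/usr/sbin/tcpdump" requested_mask="r::" denied_mask="r::" fsuid=0
ouid=0 name="/etc/ethers"
Oct 26 13:09:02 fw-test kernel: [11174.101010] type=1503
audit(1288112942.500:11): operation="open" pid=2001 parent=1969
profile="/usr/sbin/example" requested_mask="rw::" denied_mask="w::" fsuid=0
ouid=0 name="/var/tmp/example.out"
'''

# A record runs from "type=1503 audit(...)" to the next syslog timestamp or the
# end of input, so fields wrapped onto following lines are still captured.
RECORD = re.compile(
    r'type=1503\s+audit\([\d.]+:\d+\):(.*?)(?=^\w{3} +\d+ \d\d:|\Z)', re.S | re.M)
FIELD = re.compile(r'(\w+)="([^"]*)"')

def denials(log_text):
    """Return {profile: {path: set of permission letters}}, repeats merged."""
    out = defaultdict(lambda: defaultdict(set))
    for rec in RECORD.finditer(log_text):
        f = dict(FIELD.findall(rec.group(1)))
        if not {"profile", "name", "denied_mask"} <= f.keys():
            continue  # not a file denial that maps to a path rule
        # Assumption: letters in the mask are permissions, ':' only separates.
        out[f["profile"]][f["name"]] |= set(f["denied_mask"].replace(":", ""))
    return out

def candidate_rules(log_text):
    """Return {profile: [rule line, ...]}; non-read rules are flagged."""
    rules = {}
    for profile, paths in denials(log_text).items():
        rules[profile] = [
            f"{path} {''.join(sorted(perms))},"
            + ("" if perms <= {"r"} else "  # REVIEW: more than read")
            for path, perms in sorted(paths.items())]
    return rules

if __name__ == "__main__":
    for profile, lines in candidate_rules(SAMPLE_LOG).items():
        print(profile, *lines, sep="\n  ")
```

The output is a starting point for a human edit of the profile, not something to apply unreviewed; a denial can also mean the program should not be touching that path at all.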