[Bug 1496892] [NEW] update policy for .pyc denial and common java accesses

Thu, 17 Sep 2015 07:58:31 -0700 

Public bug reported:

Python denials:
Sep 16 14:31:58 localhost kernel: [17643.143918] audit: type=1400 
audit(1442413918.208:42): apparmor="DENIED" operation="unlink" profile="xxxx" 
name="/apps/xxxx/1.0/pyenv/lib/python2.7/site-packages/simplejson/__init__.pyc" 
pid=1418 comm="python" requested_mask="d" denied_mask="d" fsuid=0 ouid=101

Java denials with easy fixes:
Sep 12 02:52:09 localhost kernel: [  116.171514] audit: type=1400 
audit(1442026329.849:11): apparmor="DENIED" operation="open" profile="xxxx" 
name="/sys/devices/system/cpu/" pid=774 comm="java" requested_mask="r" 
denied_mask="r" fsuid=0 ouid=0
Sep 12 02:52:09 localhost kernel: [  116.175142] audit: type=1400 
audit(1442026329.853:12): apparmor="DENIED" operation="open" profile="xxxx" 
name="/proc/774/" pid=774 comm="java" requested_mask="r" denied_mask="r" 
fsuid=0 ouid=0
Sep 12 02:52:10 localhost kernel: [  116.429485] audit: type=1400 
audit(1442026330.110:13): apparmor="DENIED" operation="open" profile="xxxx" 
name="/proc/772/auxv" pid=772 comm="mongod" requested_mask="r" denied_mask="r" 
fsuid=0 ouid=0
Sep 12 02:52:10 localhost kernel: [  117.293222] audit: type=1400 
audit(1442026330.977:14): apparmor="DENIED" operation="open" profile="xxxx" 
name="/proc/version_signature" pid=772 comm="mongod" requested_mask="r" 
denied_mask="r" fsuid=0 ouid=0
Sep 12 02:52:10 localhost kernel: [  117.293445] audit: type=1400 
audit(1442026330.977:15): apparmor="DENIED" operation="open" profile="xxxx" 
name="/etc/lsb-release" pid=772 comm="mongod" requested_mask="r" 
denied_mask="r" fsuid=0 ouid=0
Sep 12 02:52:10 localhost kernel: [  117.294152] audit: type=1400 
audit(1442026330.977:16): apparmor="DENIED" operation="open" profile="xxxx" 
name="/proc/version" pid=772 comm="mongod" requested_mask="r" denied_mask="r" 
fsuid=0 ouid=0
Sep 12 02:52:21 localhost kernel: [  127.566423] audit: type=1400 
audit(1442026341.247:22): apparmor="DENIED" operation="open" profile="xxxx" 
name="/proc/sys/net/ipv4/ip_local_port_range" pid=774 comm="java" 
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Sep 12 02:52:11 localhost kernel: [  117.510684] audit: type=1400 
audit(1442026331.189:17): apparmor="DENIED" operation="open" profile="xxxx" 
name="/sys/devices/pci0000:00/0000:00:01.1/ata1/host0/target0:0:0/0:0:0:0/block/sda/queue/read_ahead_kb"
 pid=772 comm="mongod" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Sep 12 02:52:39 localhost kernel: [  145.676753] audit: type=1400 
audit(1442026359.360:24): apparmor="DENIED" operation="open" profile="xxxx" 
name="/proc/sys/vm/zone_reclaim_mode" pid=772 comm="mongod" requested_mask="r" 
denied_mask="r" fsuid=0 ouid=0
Sep 12 02:52:39 localhost kernel: [  145.678068] audit: type=1400 
audit(1442026359.360:25): apparmor="DENIED" operation="open" profile="xxxx" 
name="/sys/kernel/mm/transparent_hugepage/enabled" pid=772 comm="mongod" 
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Sep 12 02:52:39 localhost kernel: [  145.679063] audit: type=1400 
audit(1442026359.360:26): apparmor="DENIED" operation="open" profile="xxxx" 
name="/sys/kernel/mm/transparent_hugepage/defrag" pid=772 comm="mongod" 
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Sep 12 02:52:40 localhost kernel: [  146.347661] audit: type=1400 
audit(1442026360.028:27): apparmor="DENIED" operation="open" profile="xxxx" 
name="/etc/writable/timezone" pid=786 comm="java" requested_mask="r" 
denied_mask="r" fsuid=0 ouid=0

** Affects: snappy
     Importance: Undecided
         Status: Triaged

** Affects: ubuntu-core-security (Ubuntu)
     Importance: High
     Assignee: Jamie Strandboge (jdstrand)
         Status: Triaged

** Changed in: snappy
       Status: New => Triaged

** Also affects: ubuntu-core-security (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: ubuntu-core-security (Ubuntu)
       Status: New => Triaged

** Changed in: ubuntu-core-security (Ubuntu)
   Importance: Undecided => High

** Changed in: ubuntu-core-security (Ubuntu)
     Assignee: (unassigned) => Jamie Strandboge (jdstrand)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1496892

Title:
  update policy for .pyc denial and common java accesses

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1496892/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to