That's no a bug, it's a missing feature ;-) - aa-logprof doesn't have support for unix rules/events yet, so you'll need to allow this by manually adding rules.
Nevertheless, thanks for the log - having some example log lines is always helpful. Dec 21 09:49:19 th1nkp4d kernel: [ 1807.331151] audit: type=1400 audit(1450687759.549:3582): apparmor="ALLOWED" operation="connect" profile="/usr/sbin/cupsd" pid=6049 comm="cupsd" family="unix" sock_type="stream" protocol=0 requested_mask="send receive connect" denied_mask="send connect" addr=none peer_addr="@2F746D702F65736574732E736F636B0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" peer="unconfined" BTW: peer_addr decodes to # aa-decode 2F746D702F65736574732E736F636B Decoded: /tmp/esets.sock (I wonder if the tons of 0000000 are intentional - John, can you clarify this, please?) ** Summary changed: - aa-logprof ignores denied messages + aa-logprof doesn't support unix rules/events -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1528778 Title: aa-logprof doesn't support unix rules/events To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1528778/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
