Public bug reported:

Hello, aa-logprof doesn't do anything useful in an lxd instance:

First, I remove the /** mrixwlk, rule from the man profile, so I'll be sure to have an easy way to create a denial. Then I generate a denial, install aa-logprof, and run aa-logprof. The aa-logprof output looks identical to a run with no denials at all.

I do not know what to suggest -- discovering we're in a container of some sort and reporting that the tools might not work seems like the best we can do, but that might be wrong in the future, and might not be easy to get right today.

Thanks

root@u18:/etc/apparmor.d# vim usr.bin.man
root@u18:/etc/apparmor.d# sudo apparmor_parser --replace usr.bin.man
root@u18:/etc/apparmor.d# man man
Segmentation fault
root@u18:/etc/apparmor.d# aa-logprof

Command 'aa-logprof' not found, but can be installed with:

apt install apparmor-utils

root@u18:/etc/apparmor.d# sudo apt-get install apparmor-utils
[...]
Setting up python3-libapparmor (2.12-4ubuntu5) ...
Setting up python3-apparmor (2.12-4ubuntu5) ...
Processing triggers for man-db (2.8.3-2) ...
Setting up apparmor-utils (2.12-4ubuntu5) ...
root@u18:/etc/apparmor.d# aa-logprof
Reading log entries from /var/log/syslog.
Updating AppArmor profiles in /etc/apparmor.d.
root@u18:/etc/apparmor.d# tail -30 /var/log/syslog
Aug 24 12:17:01 u18 CRON[14753]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Aug 24 13:17:01 u18 CRON[14760]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Aug 24 14:04:26 u18 systemd[1]: apt-daily.service: Failed to reset devices.list: Operation not permitted
Aug 24 14:04:26 u18 systemd[1]: Starting Daily apt download activities...
Aug 24 14:04:27 u18 systemd[1]: Started Daily apt download activities.
Aug 24 14:17:01 u18 CRON[14816]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Aug 24 15:17:01 u18 CRON[14822]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Aug 24 16:17:01 u18 CRON[14828]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Aug 24 17:17:01 u18 CRON[14834]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Aug 24 18:17:01 u18 CRON[14841]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Aug 24 19:17:01 u18 CRON[14847]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Aug 24 19:49:26 u18 systemd[1]: motd-news.service: Failed to reset devices.list: Operation not permitted
Aug 24 19:49:26 u18 systemd[1]: Starting Message of the Day...
Aug 24 19:49:27 u18 50-motd-news[14851]: * Read about Ubuntu updates for L1 Terminal Fault Vulnerabilities
Aug 24 19:49:27 u18 50-motd-news[14851]: (L1TF).
Aug 24 19:49:27 u18 50-motd-news[14851]: - https://ubu.one/L1TF
Aug 24 19:49:27 u18 50-motd-news[14851]: * Check out 6 great IDEs now available on Ubuntu. There may even be
Aug 24 19:49:27 u18 50-motd-news[14851]: something worthwhile there for those crazy EMACS fans ;)
Aug 24 19:49:27 u18 50-motd-news[14851]: - https://bit.ly/6-cool-IDEs
Aug 24 19:49:27 u18 systemd[1]: Started Message of the Day.
Aug 24 20:17:01 u18 CRON[14881]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Aug 24 21:17:01 u18 CRON[14887]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Aug 24 22:17:01 u18 CRON[14893]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Aug 24 23:17:01 u18 CRON[14900]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Aug 25 00:17:01 u18 CRON[14906]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Aug 25 00:24:01 u18 CRON[14910]: (root) CMD ( test -x /etc/cron.daily/popularity-contest && /etc/cron.daily/popularity-contest --crond)
Aug 25 00:59:26 u18 systemd[1]: systemd-tmpfiles-clean.service: Failed to reset devices.list: Operation not permitted
Aug 25 00:59:26 u18 systemd[1]: Starting Cleanup of Temporary Directories...
Aug 25 00:59:26 u18 systemd[1]: Started Cleanup of Temporary Directories.
Aug 25 01:17:01 u18 CRON[14918]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
root@u18:/etc/apparmor.d#

** Affects: apparmor
     Importance: Undecided
         Status: New

** Affects: apparmor (Ubuntu)
     Importance: Undecided
         Status: New

** Also affects: apparmor
   Importance: Undecided
       Status: New

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1788973

Title:
  aa-logprof not useful in an lxd instance

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1788973/+subscriptions

--
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
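
Added example, not part of the original report and not code from the AppArmor tools: a sketch of the check the report suggests, which looks for AppArmor audit records in the log aa-logprof read and, when there are none, says whether the system is a container. The helper names, the /run/systemd/container marker as the container test, and the denial line in CONSTRUCTED are assumptions; PAGE_SYSLOG holds two lines from the session above.

```python
import re

EVENT_RE = re.compile(r'\bapparmor="([A-Z]+)"')    # DENIED, ALLOWED, STATUS, ...
PROFILE_RE = re.compile(r'\bprofile="([^"]*)"')

# Two lines copied from the syslog in the report: no AppArmor records.
PAGE_SYSLOG = [
    "Aug 24 14:04:27 u18 systemd[1]: Started Daily apt download activities.",
    "Aug 25 01:17:01 u18 CRON[14918]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)",
]
# Constructed line in the usual kernel audit format (not from the report).
CONSTRUCTED = [
    'Aug 25 01:20:00 host kernel: audit: type=1400 audit(0.000:1): apparmor="DENIED" '
    'operation="open" profile="/usr/bin/man" name="/etc/manpath.config" pid=1 '
    'comm="man" requested_mask="r" denied_mask="r" fsuid=0 ouid=0',
]

def apparmor_events(lines):
    """Return (verdict, profile) for every AppArmor audit record in lines."""
    events = []
    for line in lines:
        verdict = EVENT_RE.search(line)
        if verdict:
            profile = PROFILE_RE.search(line)
            events.append((verdict.group(1), profile.group(1) if profile else None))
    return events

def container_type(marker="/run/systemd/container"):
    """Container manager name recorded by systemd, or None (assumed marker file)."""
    try:
        with open(marker) as fh:
            return fh.read().strip() or None
    except OSError:
        return None

def diagnose(lines, container):
    """Tell an empty log apart from a log with records, and flag containers."""
    events = apparmor_events(lines)
    if events:
        denials = sum(1 for verdict, _ in events if verdict == "DENIED")
        return f"{denials} denial(s) in {len(events)} AppArmor record(s)"
    if container:
        return (f"no AppArmor records in log; running in a {container} container, "
                "so an empty aa-logprof run may not mean there were no denials")
    return "no AppArmor records in log"

if __name__ == "__main__":
    try:
        with open("/var/log/syslog", errors="replace") as fh:
            print(diagnose(fh, container_type()))
    except OSError as exc:
        print(f"cannot read log: {exc}")
```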
