This change regressed my apparmor profile for a script I'm working on,
which walks over processes using python3-psutil, in bionic.

I have this config in the apparmor profile:

  capability sys_ptrace,
  ptrace trace,

With kernel 4.15.0-154-generic #161 it works.

With kernel 4.15.0-158-generic #166 I get a DENIED error and the script
backtraces when reading, for example, /proc/<pid>/fd/0 of some process,
with os.readlink():

[   19.223703] audit: type=1400 audit(1632507704.072:30):
apparmor="DENIED" operation="ptrace" profile="/etc/hostos-
monitoring/plugins.d/process-monitoring" pid=1098 comm="process-monitor"
requested_mask="read" denied_mask="read" peer="unconfined"

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1890848

Title:
  'ptrace trace' needed to readlink() /proc/*/ns/* files on older
  kernels

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1890848/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

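A way to turn a denial like the one quoted above into the profile rule it asks for, added here as an example and not code from the report or from the monitoring script it describes: it parses AppArmor audit lines (the report's own DENIED line re-joined onto one line, plus two constructed ones) and, for each denied ptrace event, derives a `ptrace <mode> peer=<label>,` rule scoped to the peer in the log. The extra sample lines and the comma-separated handling of multi-mode masks are assumptions.

```python
import re
from typing import Dict, List, Optional, Tuple

# Sample audit lines: the first is the denial quoted in the report (re-joined
# onto one line); the other two are constructed for illustration.
SAMPLE_LOG = """\
[   19.223703] audit: type=1400 audit(1632507704.072:30): apparmor="DENIED" operation="ptrace" profile="/etc/hostos-monitoring/plugins.d/process-monitoring" pid=1098 comm="process-monitor" requested_mask="read" denied_mask="read" peer="unconfined"
[   20.000000] audit: type=1400 audit(1632507705.000:31): apparmor="DENIED" operation="ptrace" profile="/usr/bin/constructed-monitor" pid=2222 comm="constructed" requested_mask="trace" denied_mask="trace" peer="/usr/bin/constructed-target"
[   21.000000] audit: type=1400 audit(1632507706.000:32): apparmor="DENIED" operation="open" profile="/usr/bin/constructed-monitor" name="/etc/shadow" pid=2222 comm="constructed" requested_mask="r" denied_mask="r"
"""

KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_audit_line(line: str) -> Optional[Dict[str, str]]:
    """Return the quoted key="value" fields of an AppArmor audit line, else None."""
    if 'apparmor="' not in line:
        return None
    return dict(KV_RE.findall(line))


def suggest_ptrace_rule(fields: Dict[str, str]) -> Optional[str]:
    """Build the narrowest profile rule that would satisfy a DENIED ptrace event.

    AppArmor ptrace access modes are read, readby, trace and tracedby; only the
    modes in denied_mask are missing, and peer= keeps the grant scoped to the
    peer label in the log instead of every process on the system.
    """
    if fields.get("apparmor") != "DENIED" or fields.get("operation") != "ptrace":
        return None
    # Assumption: a mask naming several modes is comma-separated.
    modes = [m for m in fields.get("denied_mask", "").split(",") if m]
    if not modes:
        return None
    access = modes[0] if len(modes) == 1 else "(" + ", ".join(modes) + ")"
    peer = fields.get("peer", "")
    return f"ptrace {access} peer={peer}," if peer else f"ptrace {access},"


def denied_ptrace_rules(log_text: str) -> List[Tuple[str, str]]:
    """Map each confined profile to the distinct ptrace rules its denials call for."""
    seen: List[Tuple[str, str]] = []
    for line in log_text.splitlines():
        fields = parse_audit_line(line)
        rule = suggest_ptrace_rule(fields) if fields else None
        if rule and (fields["profile"], rule) not in seen:
            seen.append((fields["profile"], rule))
    return seen
```

For the report's line this yields `ptrace read peer=unconfined,` for the process-monitoring profile, which is narrower than a bare `ptrace read,`; reload the edited profile with `apparmor_parser -r` and confirm the DENIED line no longer appears.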