Thank you for your bug report, and apologies for taking so long to
reply.
I created an Impish LXD container here, installed samba and apparmor-
profiles in it, and then monitored the logs to see if I could reproduce
the warnings, but apparently they have been fixed in the recent Ubuntu
releases. The only messages I see on journalctl are these ones:
Oct 13 20:10:34 samba-bug1670400 audit[3074]: AVC apparmor="ALLOWED"
operation="sendmsg" profile="smbd" name="/run/systemd/notify" pid=3074
comm="smbd" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
Oct 13 20:10:34 samba-bug1670400 kernel: audit: type=1400
audit(1634155834.055:54): apparmor="ALLOWED" operation="sendmsg" profile="smbd"
name="/run/systemd/notify" pid=3074 comm="smbd" requested_mask="w"
denied_mask="w" fsuid=0 ouid=0
Oct 13 20:10:34 samba-bug1670400 audit[3074]: AVC apparmor="ALLOWED"
operation="open" profile="smbd" name="/proc/sys/kernel/osrelease" pid=3074
comm="smbd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Oct 13 20:10:34 samba-bug1670400 audit[3074]: AVC apparmor="ALLOWED"
operation="open" profile="smbd" name="/proc/1/environ" pid=3074 comm="smbd"
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Oct 13 20:10:34 samba-bug1670400 audit[3074]: AVC apparmor="ALLOWED"
operation="ptrace" profile="smbd" pid=3074 comm="smbd" requested_mask="read"
denied_mask="read" peer="unconfined"
Oct 13 20:10:34 samba-bug1670400 audit[3074]: AVC apparmor="ALLOWED"
operation="open" profile="smbd" name="/proc/cmdline" pid=3074 comm="smbd"
requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Oct 13 20:10:34 samba-bug1670400 kernel: audit: type=1400
audit(1634155834.059:55): apparmor="ALLOWED" operation="open" profile="smbd"
name="/proc/sys/kernel/osrelease" pid=3074 comm="smbd" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
Oct 13 20:10:34 samba-bug1670400 kernel: audit: type=1400
audit(1634155834.059:56): apparmor="ALLOWED" operation="open" profile="smbd"
name="/proc/1/environ" pid=3074 comm="smbd" requested_mask="r" denied_mask="r"
fsuid=0 ouid=0
Oct 13 20:10:34 samba-bug1670400 kernel: audit: type=1400
audit(1634155834.059:57): apparmor="ALLOWED" operation="ptrace" profile="smbd"
pid=3074 comm="smbd" requested_mask="read" denied_mask="read" peer="unconfined"
Oct 13 20:10:34 samba-bug1670400 kernel: audit: type=1400
audit(1634155834.059:58): apparmor="ALLOWED" operation="open" profile="smbd"
name="/proc/cmdline" pid=3074 comm="smbd" requested_mask="r" denied_mask="r"
fsuid=0 ouid=0
Oct 13 20:10:34 samba-bug1670400 kernel: audit: type=1400
audit(1634155834.063:59): apparmor="ALLOWED" operation="sendmsg" profile="smbd"
name="/run/systemd/notify" pid=3074 comm="smbd" requested_mask="w"
denied_mask="w" fsuid=0 ouid=0
Oct 13 20:10:34 samba-bug1670400 audit[3074]: AVC apparmor="ALLOWED"
operation="sendmsg" profile="smbd" name="/run/systemd/notify" pid=3074
comm="smbd" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
I am marking this bug as Incomplete in order to give the reporter time
to provide a reproducer (assuming that the bug is still valid, of
course).
Thanks.
** Changed in: samba (Ubuntu)
Status: Confirmed => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1593502
Title:
samba apparmor profile log entries for /var/run/msg.lock/*
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1593502/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
