Public bug reported:
[Impact]
The ubuntu_pro_apt_news service is triggering AppArmor denials when attempting
to establish network connections.
Specifically, the system logs show apparmor="DENIED" events for network
socket operations (class="net", operation="file_perm", denied="send").
The current AppArmor profile appears to restrict the service from
sending data over HTTPS (port 443), causing it to fail where it is
expected to succeed.
[Environment]
OS: Ubuntu Resolute Raccoon (development branch) - Release 26.04
Package: ubuntu-advantage-tools (Candidate: 37.1ubuntu0)
Architecture: amd64
[Log]
The following denials are observed in the system logs during service execution:
audit: type=1400 audit(1771861891.228:192): apparmor="DENIED"
operation="file_perm" class="net" profile="ubuntu_pro_apt_news" pid=4123
comm="https" laddr=10.240.64.4 lport=35882 faddr=54.154.251.197
fport=443 family="inet" sock_type="stream" protocol=6 requested="send"
denied="send"
[Analysis]
This issue was detected during automated testing.
While this appears similar to LP: #2072489 (which addressed file
execution/read denials), this issue specifically concerns network socket
access.
** Affects: ubuntu-advantage-tools (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2142616
Title:
ubuntu_pro_apt_news: AppArmor denial for network access
(operation="file_perm" denied="send")
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2142616/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
