[apparmor] [Bug 970647] [NEW] Denials due to "deleted" are not being logged

John Johansen john.johansen at canonical.com
Sun Apr 1 08:07:35 UTC 2012


Public bug reported:

When apparmor is enforcing a profile the default mode is to handle deleted files through file labeling and delegation.  However there are currently cases when this is not sufficient and will result in an access denial that should have an info field of
  info="Failed name lookup - deleted entry"

However these log messages are not being generated, and apparmor is
rejecting accesses based on deleted entries being mediated.  See Bug
#969299 as one case where this is happening.

** Affects: apparmor
     Importance: Undecided
     Assignee: John Johansen (jjohansen)
         Status: New

** Affects: linux
     Importance: Undecided
         Status: New

** Affects: apparmor (Ubuntu)
     Importance: Undecided
     Assignee: John Johansen (jjohansen)
         Status: New

** Also affects: apparmor
   Importance: Undecided
       Status: New

** Bug watch added: Email to john.johansen at canonical #
   mailto:john.johansen at canonical.com

** Also affects: linux via
   mailto:john.johansen at canonical.com
   Importance: Undecided
       Status: New

** Changed in: apparmor (Ubuntu)
     Assignee: (unassigned) => John Johansen (jjohansen)

** Changed in: apparmor
     Assignee: (unassigned) => John Johansen (jjohansen)

-- 
You received this bug notification because you are a member of AppArmor
Developers, which is the registrant for AppArmor.
https://bugs.launchpad.net/bugs/970647

Title:
  Denials due to "deleted" are not being logged

Status in AppArmor Linux application security framework:
  New
Status in The Linux Kernel:
  New
Status in “apparmor” package in Ubuntu:
  New

Bug description:
  When apparmor is enforcing a profile the default mode is to handle deleted files through file labeling and delegation.  However there are currently cases when this is not sufficient and will result in an access denial that should have an info field of
    info="Failed name lookup - deleted entry"

  However these log messages are not being generated, and apparmor is
  rejecting accesses based on deleted entries being mediated.  See Bug
  #969299 as one case where this is happening.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/970647/+subscriptions


