[apparmor] [Bug 974616] [NEW] mod_apparmor: no error message when requesting non-existing hat
Christian Boltz
974616 at bugs.launchpad.net
Thu Apr 5 20:23:18 UTC 2012
Public bug reported:
- AppArmor 2.7.2 on openSUSE 12.1
- httpd2-prefork profile in complain mode
- using mod_apparmor with one hat per vhost (specified with AADefaultHatName)
mod_apparmor doesn't print/log any error message if the hat specified
with AADefaultHatName does not exist. Instead, I get tons of audit.log
entries for the DEFAULT_URI hat, for example
type=AVC msg=audit(1333446842.790:303110): apparmor="ALLOWED"
operation="file_perm" parent=13357
profile="/usr/sbin/httpd2-prefork//DEFAULT_URI"
name="/home/www/example.com/statistics/logs/access_log" pid=21888
comm="httpd2-prefork" requested_mask="w" denied_mask="w" fsuid=30 ouid=0
Expected behaviour:
Write some error message to audit.log or the apache error log if the hat specified in AADefaultHatName does not exist.
It would be even better if an audit.log entry would be written so that
logprof can propose to create the missing hat.
** Affects: apparmor
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of AppArmor
Developers, which is the registrant for AppArmor.
https://bugs.launchpad.net/bugs/974616
Title:
mod_apparmor: no error message when requesting non-existing hat
Status in AppArmor Linux application security framework:
New
Bug description:
- AppArmor 2.7.2 on openSUSE 12.1
- httpd2-prefork profile in complain mode
- using mod_apparmor with one hat per vhost (specified with AADefaultHatName)
mod_apparmor doesn't print/log any error message if the hat specified
with AADefaultHatName does not exist. Instead, I get tons of audit.log
entries for the DEFAULT_URI hat, for example
type=AVC msg=audit(1333446842.790:303110): apparmor="ALLOWED"
operation="file_perm" parent=13357
profile="/usr/sbin/httpd2-prefork//DEFAULT_URI"
name="/home/www/example.com/statistics/logs/access_log" pid=21888
comm="httpd2-prefork" requested_mask="w" denied_mask="w" fsuid=30
ouid=0
Expected behaviour:
Write some error message to audit.log or the apache error log if the hat specified in AADefaultHatName does not exist.
It would be even better if an audit.log entry would be written so that
logprof can propose to create the missing hat.
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/974616/+subscriptions
More information about the AppArmor
mailing list