[apparmor] debugging aa_change_profile
John Johansen
john.johansen at canonical.com
Fri Apr 27 10:01:12 UTC 2012
On 04/26/2012 11:14 PM, Steve Beattie wrote:
> On Thu, Apr 26, 2012 at 04:31:03PM -0700, John Johansen wrote:
>> it only needs to be the same value. If you are being killed apparmor
>> should be logging what value it sees as being used.
>
> Hrm, with linux-image-3.2.0-21-generic (yes, I need to reboot into the
> released 12.04 kernel), I don't see the attempted value being reported
> when a process gets killed:
>
> type=AVC msg=audit(1335506883.709:10343): apparmor="KILLEDAUTO" operation="change_hat" parent=19778 profile="myprofile//myhat" pid=26623 comm="R" target="myprofile"
>
> I suspect I need to file a bug report.
>
It doesn't I misremembered, we don't log the token. You can get it by
turning on debug mode, and looking in dmesg
More information about the AppArmor
mailing list