[apparmor] profiling pidgin

Me Self wmsopou at gmail.com
Wed Apr 27 12:57:40 UTC 2016


After profiling pidgin with aa-genprof it won't start up.

So I did aa-complain on pidgin, started pidgin and then ran aa-logprof.

aa-logprof didn't find anything new.

Inspecting the kern.log myself while starting pidgin in complain mode I
only find two DENIEDs:

Apr 27 14:39:41 boat kernel: [90301.537887] audit: type=1400
audit(1461760781.869:1955): apparmor="DENIED" operation="connect"
profile="/usr/bin/pidgin" pid=24003 comm="pidgin" family="unix"
sock_type="stream" protocol=0 requested_mask="send receive connect"
denied_mask="send connect" addr=none peer_addr="@/tmp/.X11-unix/X0"
peer="unconfined"

Apr 27 14:40:22 boat kernel: [90342.547209] audit: type=1400
audit(1461760822.878:1956): apparmor="DENIED" operation="connect"
profile="/usr/bin/pidgin" pid=24013 comm="pidgin" family="unix"
sock_type="stream" protocol=0 requested_mask="send receive connect"
denied_mask="send connect" addr=none peer_addr="@/tmp/.X11-unix/X0"
peer="unconfined"

Could these be blocking the app in enforce mode? And why isn't aa-logprof
picking it up?

The profile looks like this:

# Last Modified: Wed Apr 27 14:38:00 2016
#include <tunables/global>

/usr/bin/pidgin flags=(complain) {
  #include <abstractions/base>

  network inet dgram,
  network inet stream,
  network inet6 dgram,
  network netlink raw,

  ptrace trace peer=unconfined,

  /dev/ r,
  /dev/shm/ r,
  /dev/shm/* rw,
  /etc/fonts/** r,
  /etc/gai.conf r,
  /etc/gnome/defaults.list r,
  /etc/host.conf r,
  /etc/hosts r,
  /etc/machine-id r,
  /etc/nsswitch.conf r,
  /etc/passwd r,
  /etc/pulse/client.conf r,
  /home/*/.Xauthority r,
  /home/*/.cache/gstreamer-1.0/registry.x86_64.bin r,
  /home/*/.config/dconf/user r,
  /home/*/.config/enchant/ r,
  /home/*/.config/enchant/* rw,
  /home/*/.config/ibus/** r,
  /home/*/.config/ibus/bus/ w,
  /home/*/.local/share/applications/ r,
  /home/*/.local/share/icons/ r,
  /home/*/.purple/* rw,
  /home/*/.purple/certificates/x509/** rw,
  /home/*/.purple/logs/irc/** w,
  /home/*/.purple/plugins/ r,
  /home/*/.purple/smileys/ r,
  /proc/*/status r,
  /run/dbus/system_bus_socket r,
  /run/resolvconf/resolv.conf r,
  /run/user/1000/* rw,
  /run/user/1000/dconf/user rw,
  /sys/devices/system/cpu/ r,
  /sys/devices/system/node/ r,
  /sys/devices/system/node/node0/meminfo r,
  /tmp/ r,
  /usr/bin/pidgin mr,
  /usr/local/share/fonts/ r,
  /usr/share/applications/ r,
  /usr/share/applications/mimeinfo.cache r,
  /usr/share/applications/pidgin.desktop r,
  /usr/share/enchant/enchant.ordering r,
  /usr/share/fontconfig/** r,
  /usr/share/fonts/ r,
  /usr/share/fonts/** r,
  /usr/share/glib-2.0/schemas/gschemas.compiled r,
  /usr/share/gnome/applications/ r,
  /usr/share/hunspell/* r,
  /usr/share/icons/ r,
  /usr/share/icons/** r,
  /usr/share/mime/mime.cache r,
  /usr/share/pixmaps/ r,
  /usr/share/pixmaps/pidgin/** r,
  /usr/share/poppler/**/ r,
  /usr/share/sounds/purple/* r,
  /usr/share/themes/ r,
  /usr/share/themes/** r,
  /usr/share/ubuntu/applications/ r,
  /var/cache/fontconfig/* r,
  /var/tmp/ r,

}
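
Added example, not part of the original post: a Python script that parses AppArmor audit records like the two quoted above, de-duplicates the denials, and drafts a `unix` rule in apparmor.d(5) syntax for manual review. The sample log is constructed from the two records in the post (re-joined onto one line each), and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: the two records from the post, each re-joined onto
# one line (the mail client had wrapped them).
SAMPLE_LOG = """\
Apr 27 14:39:41 boat kernel: [90301.537887] audit: type=1400 audit(1461760781.869:1955): apparmor="DENIED" operation="connect" profile="/usr/bin/pidgin" pid=24003 comm="pidgin" family="unix" sock_type="stream" protocol=0 requested_mask="send receive connect" denied_mask="send connect" addr=none peer_addr="@/tmp/.X11-unix/X0" peer="unconfined"
Apr 27 14:40:22 boat kernel: [90342.547209] audit: type=1400 audit(1461760822.878:1956): apparmor="DENIED" operation="connect" profile="/usr/bin/pidgin" pid=24013 comm="pidgin" family="unix" sock_type="stream" protocol=0 requested_mask="send receive connect" denied_mask="send connect" addr=none peer_addr="@/tmp/.X11-unix/X0" peer="unconfined"
"""

# key=value pairs; values are either double-quoted or a bare token.
FIELD_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

def parse_record(line):
    """Return the key=value fields of one AppArmor audit record, or None."""
    if "apparmor=" not in line:
        return None
    fields = {}
    for key, value in FIELD_RE.findall(line):
        fields[key] = value[1:-1] if value.startswith('"') else value
    return fields

def summarize(log_text):
    """Count distinct denials, keyed by the fields that identify a rule."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec and rec.get("apparmor") == "DENIED":
            key = (rec.get("profile"), rec.get("operation"), rec.get("family"),
                   rec.get("sock_type"), rec.get("denied_mask"), rec.get("peer_addr"))
            counts[key] += 1
    return counts

def draft_unix_rule(key):
    """Draft a unix-socket rule from denied_mask; a human must review it."""
    _profile, _op, family, sock_type, mask, peer_addr = key
    if family != "unix" or not peer_addr:
        return None
    perms = ", ".join(mask.split())
    return f'unix ({perms}) type={sock_type} peer=(addr="{peer_addr}"),'

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).items():
        print(n, key)
        print("  draft:", draft_unix_rule(key))
```

The two records collapse to a single distinct denial, so one reviewed rule (or an existing abstraction that already covers the X11 socket) would address both.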