[apparmor] [profile] netstat(8): plenty of DENIED messages; repeated "target=*" value.

Steve Beattie steve at nxnw.org
Wed Dec 7 18:35:24 UTC 2016


On Tue, Dec 06, 2016 at 12:16:43PM -0800, John Johansen wrote:
> On 12/06/2016 07:14 AM, daniel curtis wrote:
> > Please forgive me for writing messages one by one, but I think that maybe 'deny capability sys_ptrace,' is responsible for such entries? I'm asking because of operation="ptrace", which can be found in the log files etc.
> > 
> > What do you think? Once again - I'm sorry.
> 
> no, capability sys_ptrace, isn't responsible for this entry, it is
> squarely on ptrace rules, more specifically no one rule is causing this
> it looks like a kernel bug in the enforcement or logging of ptrace rules

While that may be the intent, and the Ubuntu 12.04 LTS kernel might be
buggy about this, I reproduced what daniel is seeing, and converting
the 'deny capability sys_ptrace,' to allowing the sys_ptrace capability
made the rejections go away, as well as allowed netstat's -p argument
to work. Attempts to add a ptrace rule instead did not succeed.

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/