[apparmor] Linked profiles in complain mode

Mark Wadham ubuntu at rkw.io
Wed Jul 27 07:41:29 UTC 2016

Thanks Seth,

I've also got this issue which is confusing:

[298095.650794] audit: type=1400 audit(1469603593.253:31338): 
apparmor="DENIED" operation="getattr" info="Failed name lookup - deleted 
entry" error=-2 profile="/usr/sbin/dovecot" 
name="/var/lib/dovecot/.temp.a.rkw.io.18728.38411b5110c0f7d6" pid=18728 
comm="dovecot" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

yet the usr.sbin.dovecot profile explicitly allows access to files in 
the /var/lib/dovecot/* path:

   /var/lib/dovecot/* rwkl,

If I trigger the same log entry in complain mode and run aa-logprof it 
doesn't report anything.


More information about the AppArmor mailing list