[apparmor] Linked profiles in complain mode
John Johansen
john.johansen at canonical.com
Thu Jul 28 04:38:12 UTC 2016
On 07/27/2016 12:41 AM, Mark Wadham wrote:
> Thanks Seth,
>
> I've also got this issue which is confusing:
>
> [298095.650794] audit: type=1400 audit(1469603593.253:31338): apparmor="DENIED" operation="getattr" info="Failed name lookup - deleted entry" error=-2 profile="/usr/sbin/dovecot" name="/var/lib/dovecot/.temp.a.rkw.io.18728.38411b5110c0f7d6" pid=18728 comm="dovecot" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
>
getattr is being done on a file descriptor that has been deleted
> yet the usr.sbin.dovecot profile explicitly allows access to files in the /var/lib/dovecot/* path:
>
> /var/lib/dovecot/* rwkl,
>
> If I trigger the same log entry in complain mode and run aa-logprof it doesn't report anything.
>
what flags does your profile have set?
More information about the AppArmor
mailing list