[apparmor] Understanding log messages (when prof != comm)

apparmor at raf.org apparmor at raf.org
Tue May 10 04:25:48 UTC 2016


Hi,

debian-8, apparmor-2.9.0

I need to modify my apparmor profiles for postfix and
I'm having trouble understanding what the log messages
are trying to tell me and I can't find any documentation
explaining the meaning of the contents of the log messages.
It's probably assumed to be obvious. :-)

There is a separate profile for each postfix executable.

The profile /etc/apparmor.d/usr.lib.postfix.master contains:

  /usr/lib/postfix/smtp Px,

The profile /etc/apparmor.d/usr.lib.postfix.smtp contains:

  /{var/spool/postfix/,}active/[0-9A-F]* rwk,

I'm seeing apparmor log messages that contain:

  prof="/usr/lib/postfix/master"
  op="file_lock"
  name="/var/spool/postfix/active/01FBB1FA73"
  comm="smtp"
  req="k"
  denied="k"

This makes me think that the profile for master needs to have
a rule added like the above rule for smtp but the comm="smtp"
makes me think that this log message is about smtp, not master,
but smtp already has this rule.

What am I not understanding here? Why is the profile for master
being mentioned in the log message rather than the profile for smtp?
Is it master or smtp that is trying to lock the file in question?
Which profile needs a new rule? Does the master profile need the
same rule as the smtp profile, or is the rule in the smtp profile
incorrect?

Thanks for any help.

cheers,
raf
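A small triage helper for log lines of the shape quoted in this message, added here as an example and not part of the original post. It parses the key="value" fields (accepting the short keys prof=, op=, req=, denied= as well as the long profile=, operation=, requested_mask=, denied_mask= forms), reports which profile enforced the denial (always the one in prof=), and flags lines where the profile's basename differs from comm=, since comm is the task's executable name while prof is the profile actually confining it. The basename comparison is an assumed heuristic, and the sample lines are constructed.

```python
import re
from os.path import basename

# Constructed sample lines (not from a real system); the first mirrors the message above.
SAMPLE_LOG = [
    'prof="/usr/lib/postfix/master" op="file_lock" '
    'name="/var/spool/postfix/active/01FBB1FA73" comm="smtp" req="k" denied="k"',
    'prof="/usr/lib/postfix/smtp" op="file_lock" '
    'name="/var/spool/postfix/active/0A1B2C3D4E" comm="smtp" req="k" denied="k"',
]

# key=value pairs; the value is either a double-quoted string or a bare token
_KV = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
# short field names used by some log formats, mapped to the long audit names
_ALIAS = {"prof": "profile", "op": "operation",
          "req": "requested_mask", "denied": "denied_mask"}


def parse_apparmor_line(line):
    """Return the fields of one AppArmor log line as a dict with long key names."""
    fields = {}
    for key, raw in _KV.findall(line):
        value = raw[1:-1] if raw.startswith('"') else raw
        fields[_ALIAS.get(key, key)] = value
    return fields


def triage(fields):
    """Explain which profile denied the access and whether prof/comm agree."""
    profile = fields["profile"]
    comm = fields.get("comm", "")
    return {
        # the denial is enforced by the profile the process is confined by
        "denied_by_profile": profile,
        # literal rule that would permit exactly this access in that profile
        "literal_rule": f'{fields["name"]} {fields["denied_mask"]},',
        # heuristic (assumed): path-based profiles are named after the binary,
        # so a basename/comm mismatch suggests the exec transition did not occur
        "profile_matches_comm": basename(profile) == comm,
    }


def triage_lines(lines):
    """Triage every line; entries with a prof/comm mismatch deserve a look first."""
    return [triage(parse_apparmor_line(ln)) for ln in lines]


if __name__ == "__main__":
    for report in triage_lines(SAMPLE_LOG):
        print(report)
```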
