[apparmor] logs with name="not an absolute path" or name=HEXSTRING
apparmor at raf.org
Wed Dec 20 02:56:35 UTC 2017
Hi,
debian9 (with auditd)
apparmor-2.11.0-3
apparmor-profiles-2.11.0-3
apparmor-profiles-extra-1.11
I'm seeing odd apparmor log messages where the name parameter
is not an absolute file system path.
They look like:
type=AVC msg=audit(1513725614.403:1142439): apparmor="ALLOWED"
operation="getattr" info="Failed name lookup - disconnected path"
error=-13 profile="/usr/lib/dovecot/imap"
name="var/vmailboxes/user at domain.com/Maildir/dovecot.index.log"
pid=21232 comm="imap" requested_mask="r" denied_mask="r" fsuid=104 ouid=104
There is a /var/vmailboxes... and I have rules for it.
Any idea why the leading / is missing from the log message?
It's a syntax error to have a rule that isn't for an absolute path.
I'm also seeing log messages where the name is a hex string
representation of a path (without double quotes).
e.g. name=7661722F766D616...
Is there a way to prevent this?
It means I need to decode paths in log messages before
I can add new rules to make the log messages go away.
cheers,
raf
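
Added example, not part of the original post: a small Python parser that decodes hex-encoded name= values in AppArmor audit lines so they can be read before writing rules, and flags names logged without a leading / alongside the "disconnected path" info. The sample log lines, the function names and the set of fields treated as strings are assumptions made for this example.

```python
import re

# Constructed sample lines modelled on the message above; not real log data.
SAMPLE_LOG = [
    'type=AVC msg=audit(1513725614.403:1142439): apparmor="ALLOWED" '
    'operation="getattr" info="Failed name lookup - disconnected path" '
    'error=-13 profile="/usr/lib/dovecot/imap" '
    'name="var/vmailboxes/example/Maildir/dovecot.index.log" '
    'pid=21232 comm="imap" requested_mask="r" denied_mask="r" fsuid=104 ouid=104',
    # Constructed: a path containing a space, logged unquoted as hex.
    'type=AVC msg=audit(1513725615.000:1142440): apparmor="ALLOWED" '
    'operation="open" profile="/usr/lib/dovecot/imap" name='
    + b"/var/vmailboxes/example/Maildir/a b".hex().upper()
    + ' pid=21232 comm="imap" requested_mask="r" denied_mask="r" fsuid=104 ouid=104',
]

# key=value pairs; a value is either a double-quoted string or a bare token.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
HEX_RE = re.compile(r'(?:[0-9A-Fa-f]{2})+\Z')
# Assumption: only these fields carry strings. Numeric fields such as pid are
# also unquoted and can look like hex, so they must never be decoded.
STRING_FIELDS = {"name", "comm", "profile"}


def decode_value(key, raw):
    """Return the literal value of one audit field."""
    if raw.startswith('"'):
        return raw[1:-1]  # quoted values are already literal
    # The kernel audit code writes a string unquoted, as hex, when it contains
    # a space, a double quote or a non-printable byte.
    if key in STRING_FIELDS and HEX_RE.match(raw):
        return bytes.fromhex(raw).decode("utf-8", errors="replace")
    return raw


def parse_line(line):
    """Parse one audit line into a dict with decoded string fields."""
    fields = {k: decode_value(k, v) for k, v in FIELD_RE.findall(line)}
    fields["disconnected"] = "disconnected path" in fields.get("info", "")
    fields["absolute"] = fields.get("name", "").startswith("/")
    return fields


if __name__ == "__main__":
    for entry in map(parse_line, SAMPLE_LOG):
        print(entry["operation"], repr(entry["name"]),
              "disconnected" if entry["disconnected"] else "connected")
```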