[apparmor] [Bug 1117804] [NEW] ausearch doesn't show AppArmor denial messages

Launchpad Bug Tracker 1117804 at bugs.launchpad.net
Wed Jun 21 15:47:48 UTC 2017


You have been subscribed to a public bug by Laurent Bigonville (bigon):

The following command should display all AVC denials:

ausearch -m avc

However, it doesn't work with AppArmor denials. Here's a quick test case
to generate a denial, search for it with ausearch, and see that no
messages are displayed:

$ aa-exec -p /usr/sbin/tcpdump cat /proc/self/attr/current
cat: /proc/self/attr/current: Permission denied
$ sudo ausearch -m avc -c cat
<no matches>

ausearch claims that there are no matches, but there's a matching audit
message if you look in audit.log:

type=AVC msg=audit(1360193426.539:64): apparmor="DENIED"
operation="open" parent=8253 profile="/usr/sbin/tcpdump"
name="/proc/8485/attr/current" pid=8485 comm="cat" requested_mask="r"
denied_mask="r" fsuid=1000 ouid=1000

** Affects: apparmor
     Importance: Low
         Status: Confirmed

** Affects: audit (Ubuntu)
     Importance: Low
         Status: Confirmed


** Tags: apparmor
-- 
ausearch doesn't show AppArmor denial messages
https://bugs.launchpad.net/bugs/1117804
You received this bug notification because you are a member of AppArmor Developers, which is subscribed to the bug report.
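
Added example, not part of the original bug report or of the audit or AppArmor tools: a small parser that lists AppArmor denials straight from audit.log and filters them by command name, for use while "ausearch -m avc -c cat" returns no matches. The function names and the command-line arguments are assumptions; the sample input is the record quoted in the report, joined onto one line, plus one constructed record.

```python
import re
import sys

# Constructed sample: the record quoted in the report, joined onto one line as
# audit.log stores it, plus a constructed non-AppArmor record for contrast.
SAMPLE_LOG = (
    'type=AVC msg=audit(1360193426.539:64): apparmor="DENIED" operation="open" '
    'parent=8253 profile="/usr/sbin/tcpdump" name="/proc/8485/attr/current" '
    'pid=8485 comm="cat" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000\n'
    'type=SYSCALL msg=audit(1360193426.539:64): arch=c000003e syscall=2 '
    'success=no exit=-13 comm="cat"\n'
)

HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_record(line):
    """Split one audit.log line into a dict; return None if it is not a record."""
    m = HEADER.match(line.strip())
    if m is None:
        return None
    rec = {"type": m.group(1), "time": float(m.group(2)), "serial": int(m.group(3))}
    for key, quoted, bare in FIELD.findall(m.group(4)):
        rec[key] = quoted or bare  # values stay strings, quotes stripped
    return rec

def apparmor_denials(lines, comm=None):
    """Return AppArmor DENIED records, optionally limited to one command name."""
    hits = []
    for line in lines:
        rec = parse_record(line)
        if rec is None or rec.get("apparmor") != "DENIED":
            continue
        if comm is not None and rec.get("comm") != comm:
            continue
        hits.append(rec)
    return hits

if __name__ == "__main__":
    # Usage: script.py [LOGFILE [COMM]]; with no arguments the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            lines = fh.readlines()
    else:
        lines = SAMPLE_LOG.splitlines()
    comm = sys.argv[2] if len(sys.argv) > 2 else None
    for rec in apparmor_denials(lines, comm):
        print(rec["time"], rec["serial"], rec.get("profile"), rec.get("operation"),
              rec.get("name"), rec.get("comm"), rec.get("denied_mask"))
```

The filter keys on the apparmor="DENIED" field rather than on the record type, so it does not depend on how the record type is classified.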


