[apparmor] AVC apparmor="DENIED" operation="file_inherit"...

Mikhail Morfikov mmorfikov at gmail.com
Thu Oct 5 15:57:18 UTC 2017


I've been using AppArmor for some time, and I wrote many profiles for my apps.
It wasn't really a hard task, but with the kernel update in Debian (4.12 ->
4.13), many of my profiles (already "enforced") started to give messages
similar to the one below:

AVC apparmor="DENIED" operation="file_inherit" profile="/some/profile"
name="/some/file" pid=18809 comm="app_name" requested_mask="wr" denied_mask="wr"
fsuid=1000 ouid=1000

What's the "file_inherit" operation?

The apps in question seem to work just fine when access to these files is
denied. What should be done with these kinds of files? Is there any rule I can
use in this case just to get rid of the messages from the syslog?


