[apparmor] capability ptrace not honored?
Malte Gell
mailinglisten at posteo.de
Wed Oct 18 09:26:07 UTC 2017
> Hello,
>
> On Monday, 16 October 2017, 21:05:16 CEST, Malte Gell wrote:
>> Profile: /usr/bin/foobar
>> Operation: ptrace
>> Denied: trace
>> Logfile: /var/log/audit/audit.log
> AFAIK you use openSUSE Tumbleweed, so you probably have Kernel 4.13.x.
Tumbleweed no, kernel 4.13 yes.
> With Kernel 4.13, support for the "ptrace" rule type was added (actually
Ah yes, ptrace did the trick.
> The easiest way is to use aa-logprof - it already supports ptrace rules
> and will propose a matching, as-strict-as-possible rule.
By all that manual creating I totally forgot the other AA tools....
> Finally, 4.15 [1] will support two more rule types - dbus and unix.
That explains why getattr troubles ;-)
Thanks