[apparmor] unexpected apparmor logs
apparmor at raf.org
apparmor at raf.org
Mon Mar 26 02:36:51 UTC 2018
hi,
debian-9.4, apparmor-2.11.0-3+deb9u2
i'm getting logs for apache2 in complain mode that i don't
think should be appearing. they look like:
type=AVC msg=audit(1522031265.304:6228): apparmor="ALLOWED"
operation="file_lock" profile="/usr/sbin/apache2"
name="/run/lock/apache2/mpm-accept-0.22001" pid=22033
comm="/usr/sbin/apach" requested_mask="wk" denied_mask="wk"
fsuid=33 ouid=0
however, there is this rule in /etc/apparmor.d/usr.sbin.apache2:
/{var/,}run/lock/apache2/mpm-accept.[0-9]* wk,
any idea why this rule is not being recognised?
i have restarted apache2 since reloading the profile.
also, does anyone know why the log message has
comm="/usr/sbin/apach" instead of comm="/usr/sbin/apache2"?
cheers,
raf
More information about the AppArmor
mailing list