[apparmor] Attempting FullSystemPolicy with Ubuntu 18.04.2 LTS...
Jamie Strandboge
jamie at canonical.com
Fri May 31 19:37:42 UTC 2019
On Fri, 31 May 2019, Ian wrote:
> The only thing outstanding is some trouble I run into after the initramfs
> chroot transition but before the apparmor service starts:
>
> May 31 12:10:55 1546-w-dev audit[5162]: AVC apparmor="ALLOWED"
> operation="exec" info="profile transition not found" error=-13
> profile="init-sys
> temd" name="/usr/bin/unshare" pid=5162 comm="(spawn)"
> requested_mask="x" denied_mask="x" fsuid=0 ouid=0
> target="/usr/bin/unshare"
> May 31 12:10:54 1546-w-dev audit[5004]: AVC apparmor="ALLOWED"
> operation="exec" info="profile transition not found" error=-13
> profile="init-sys
> temd" name="/usr/bin/unshare" pid=5004 comm="(spawn)"
> requested_mask="x" denied_mask="x" fsuid=0 ouid=0
> target="/usr/bin/unshare"
Notice it is /usr/bin/unshare here, but you mention below that
'/usr/sbin/unshare' exists, but what you pasted looks correct. Is this a typo
in the email or somewhere else?
> The /usr/sbin/unshare profile exists:
>
> root at 1546-w-dev:/etc/apparmor.d# cat usr.bin.unshare
> profile usr.bin.unshare /usr/bin/unshare
> flags=(complain,attach_disconnected) {
> #include <local/whitelist>
> }
--
Jamie Strandboge | http://www.canonical.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20190531/17f99091/attachment.sig>
More information about the AppArmor
mailing list