[Bug 228229] [NEW] sshd profile does not work out-of-the-box

Launchpad Bug Tracker 228229 at bugs.launchpad.net
Tue Feb 3 07:23:40 GMT 2009 

You have been subscribed to a public bug:

Binary package hint: apparmor-profiles

The apparmor profile for sshd provided by the apparmor-profiles package
does not work out-of-the-box. Looking over syslog, it appears there are
seven types of audit entries (one of each follows). Until this is fixed,
the usr.sbin.sshd file in apparmor-profiles should have
"flags=(complain)" added to it.

May  8 08:23:26 darwin kernel: [136857.839011] audit(1210249406.803:56):
type=1502 operation="inode_permission" requested_mask="r::"
denied_mask="r::" name="/etc/default/locale" pid=21377
profile="/usr/sbin/sshd" namespace="default"

May  8 08:23:29 darwin kernel: [136860.663589] audit(1210249409.633:71):
type=1502 operation="inode_permission" requested_mask="::r"
denied_mask="::r" name="/etc/default/locale" pid=21377
profile="/usr/sbin/sshd" namespace="default"

May  8 08:23:26 darwin kernel: [136857.842204] audit(1210249406.803:58):
type=1502 operation="inode_permission" requested_mask="r::"
denied_mask="r::" name="/proc/filesystems" pid=21375
profile="/usr/sbin/sshd" namespace="default"

May  8 08:23:26 darwin kernel: [136857.839817] audit(1210249406.803:57):
type=1502 operation="inode_permission" requested_mask="::r"
denied_mask="::r" name="/proc/filesystems" pid=21377
profile="/usr/sbin/sshd" namespace="default"

May  8 09:33:21 darwin kernel: [141051.379421] audit(1210253601.703:83):
type=1502 operation="file_lock" requested_mask="k::" denied_mask="k::"
name="/var/log/wtmp" pid=21412 profile="/usr/sbin/sshd"
namespace="default"

May  8 08:23:26 darwin kernel: [136857.837856] audit(1210249406.803:55):
type=1502 operation="inode_permission" requested_mask="r::"
denied_mask="r::" name="/var/run/motd" pid=21377
profile="/usr/sbin/sshd" namespace="default"

May  8 09:59:43 darwin kernel: [142632.555690] audit(1210255183.393:84):
type=1502 operation="file_lock" requested_mask="k::" denied_mask="k::"
name="/var/run/utmp" pid=21412 profile="/usr/sbin/sshd"
namespace="default"

** Affects: openssh (Ubuntu)
     Importance: Undecided
         Status: New

-- 
sshd profile does not work out-of-the-box
https://bugs.edge.launchpad.net/bugs/228229
You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu.

More information about the Ubuntu-server-bugs mailing list