Page 7 of 19 FirstFirst ... 5678917 ... LastLast
Results 61 to 70 of 185

Thread: AppArmor Support Thread

  1. #61

    Re: AppArmor Support Thread

    after upgrade to 9.04 once i see at start time some mysql complains of apparmor. now (on firefox upgrade) i have looked for mysql apparmor file and see that it has been disappeared. then i downloaded and looked at files of apparmor-profiles package and see that it also do not include mysql profile, even not in /usr/share/doc/apparmor-profiles/extras/ . why it disappeared and if it has disappeared how it complained? or i do not know where it is?

    2009-12-07: found: usr.sbin.mysqld
    Last edited by q.dinar; December 7th, 2009 at 02:45 PM.

  2. #62
    Join Date
    Jan 2008
    Location
    USA
    Beans
    971
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: AppArmor Support Thread

    Quote Originally Posted by q.dinar View Post
    after upgrade to 9.04 once i see at start time some mysql complains of apparmor. now (on firefox upgrade) i have looked for mysql apparmor file and see that it has been disappeared. then i downloaded and looked at files of apparmor-profiles package and see that it also do not include mysql profile, even not in /usr/share/doc/apparmor-profiles/extras/ . why it disappeared and if it has disappeared how it complained? or i do not know where it is?
    AppArmor on Karmic has not been without its problems for me. The "aa-logprof" command did not work on the BETA and profile generation was impossible because of it. I filed a bug and one of the devs fixed it. I assume that fix got pushed to the Final release.

    At any rate, I don't know about your problem but I would file a bug about it (search for similar bugs first, of course).

  3. #63
    Join Date
    Oct 2006
    Location
    ottawa, canada
    Beans
    6
    Distro
    Xubuntu 9.10 Karmic Koala

    Question Re: AppArmor Support Thread

    i recently upgraded to 9.10 and now i these messages in my log:
    Code:
    Nov  1 20:26:51 peace kernel: [   42.053509] type=1505 audit(1257125211.942:35): operation="profile_replace" pid=1134 name=/bin/ping
    Nov  1 20:26:51 peace kernel: [   42.059470] type=1505 audit(1257125211.946:36): operation="profile_replace" pid=1135 name=/sbin/dhclient3
    Nov  1 20:26:51 peace kernel: [   42.063092] type=1505 audit(1257125211.950:37): operation="profile_replace" pid=1135 name=/usr/lib/NetworkManager/nm-dhcp-client.action
    Nov  1 20:26:51 peace kernel: [   42.063675] type=1505 audit(1257125211.950:38): operation="profile_replace" pid=1135 name=/usr/lib/connman/scripts/dhclient-script
    Nov  1 20:26:51 peace kernel: [   42.070677] type=1505 audit(1257125211.958:39): operation="profile_replace" pid=1136 name=/sbin/klogd
    Nov  1 20:26:51 peace kernel: [   42.078618] type=1505 audit(1257125211.966:40): operation="profile_replace" pid=1137 name=/sbin/syslog-ng
    Nov  1 20:26:51 peace kernel: [   42.085532] type=1505 audit(1257125211.974:41): operation="profile_replace" pid=1138 name=/sbin/syslogd
    Nov  1 20:26:51 peace kernel: [   42.101399] type=1505 audit(1257125211.990:42): operation="profile_replace" pid=1139 name=/usr/bin/evince
    Nov  1 20:26:52 peace kernel: [   42.119482] type=1505 audit(1257125212.006:43): operation="profile_replace" pid=1139 name=/usr/bin/evince-previewer
    Nov  1 20:26:52 peace kernel: [   42.130401] type=1505 audit(1257125212.018:44): operation="profile_replace" pid=1139 name=/usr/bin/evince-thumbnailer
    how do i get rid of them safely?

  4. #64
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: AppArmor Support Thread

    Quote Originally Posted by keb View Post
    i recently upgraded to 9.10 and now i these messages in my log:
    Code:
    Nov  1 20:26:51 peace kernel: [   42.053509] type=1505 audit(1257125211.942:35): operation="profile_replace" pid=1134 name=/bin/ping
    Nov  1 20:26:51 peace kernel: [   42.059470] type=1505 audit(1257125211.946:36): operation="profile_replace" pid=1135 name=/sbin/dhclient3
    Nov  1 20:26:51 peace kernel: [   42.063092] type=1505 audit(1257125211.950:37): operation="profile_replace" pid=1135 name=/usr/lib/NetworkManager/nm-dhcp-client.action
    Nov  1 20:26:51 peace kernel: [   42.063675] type=1505 audit(1257125211.950:38): operation="profile_replace" pid=1135 name=/usr/lib/connman/scripts/dhclient-script
    Nov  1 20:26:51 peace kernel: [   42.070677] type=1505 audit(1257125211.958:39): operation="profile_replace" pid=1136 name=/sbin/klogd
    Nov  1 20:26:51 peace kernel: [   42.078618] type=1505 audit(1257125211.966:40): operation="profile_replace" pid=1137 name=/sbin/syslog-ng
    Nov  1 20:26:51 peace kernel: [   42.085532] type=1505 audit(1257125211.974:41): operation="profile_replace" pid=1138 name=/sbin/syslogd
    Nov  1 20:26:51 peace kernel: [   42.101399] type=1505 audit(1257125211.990:42): operation="profile_replace" pid=1139 name=/usr/bin/evince
    Nov  1 20:26:52 peace kernel: [   42.119482] type=1505 audit(1257125212.006:43): operation="profile_replace" pid=1139 name=/usr/bin/evince-previewer
    Nov  1 20:26:52 peace kernel: [   42.130401] type=1505 audit(1257125212.018:44): operation="profile_replace" pid=1139 name=/usr/bin/evince-thumbnailer
    how do i get rid of them safely?
    Those messages are normal, they are telling you these profiles are loaded.
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  5. #65

    Re: AppArmor Support Thread

    now i see mysql profile, may be that time i just have not noticed it thinking that it should start with "usr.bin." . but it is "usr.sbin.mysqld".

    i have successfully loaded a file in table with "LOAD DATA LOCAL INFILE ..." command, as in http://dev.mysql.com/doc/refman/5.1/...ng-tables.html , from ~/doc/tmp/msql.txt , which is not allowed in apparmor profile for mysqld, i loaded that from mysql command, so "mysql" does not use "mysqld" when loads data in table? i add after a minute: probably they share some binary libraries.

  6. #66

    apparmor-profiles in 9.10

    hello . i have installed extra profiles, they are installed in /usr-share/doc/apparmor..... , i have copied some of them to /etc/apparmor.d/ .
    when i runned netstat program these messages appeared:
    Dec 21 08:54:06 dinar-desktop kernel: [ 2393.374180] type=1503 audit(1261374846.637:173): operation="open" pid=3033 parent=2363 profile="/bin/netstat" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/proc/1/fd/"
    Dec 21 08:54:06 dinar-desktop kernel: [ 2393.374225] type=1503 audit(1261374846.637:174): operation="open" pid=3033 parent=2363 profile="/bin/netstat" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/proc/2/fd/"
    ...
    though there is
    @{PROC}/[0-9]*/fd r,
    in /etc/apparmor.d/bin.netstat
    .

    and:
    Dec 21 08:36:49 dinar-desktop kernel: [ 1356.514076] type=1503 audit(1261373809.777:172): operation="open" pid=2710 parent=2709 profile="/etc/cron.daily/logrotate" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/etc/logrotate.d/"
    though there was
    /etc/logrotate.d r,
    in /etc/apparmor.d/etc.cron.daily.logrotate .
    i have now added
    /etc/logrotate.d/ r,
    to it and will look what will happen during logrotate runned by cron.

    also there is some packet for apache change hat, now there is usr.lib.apache2.mpm-prefork.apache2 profile, is it possible to make change hat to "worker" apache?
    2009-12-22: and also there is another profile called like /usr/sbin/httpd... , it works with some edition.
    Last edited by q.dinar; December 22nd, 2009 at 07:47 AM.

  7. #67

    Re: apparmor-profiles in 9.10

    i used netstat this way:
    sudo netstat -tunp
    and now i have added to its profile:
    @{PROC}/[0-9]*/fd/ r,
    and it says other messages now, so "trailing slash" is important here. and i hope that adding last slash also fixed that error of logrotate.

    2009-12-25 18:39 utc+3 : may be these profiles are written not by mistake but they are not edited since older version of apparmor, there is about changes in path writings: http://en.opensuse.org/AppArmor/Changes_AppArmor_2_1 .
    Last edited by q.dinar; December 25th, 2009 at 04:40 PM.

  8. #68

    Re: AppArmor Support Thread

    hello. why tcpdump needs "usb"? and is "usb" "universal serial bus"?
    it asked at my computer:
    Dec 21 14:53:16 dinar-desktop kernel: [ 4185.081498] type=1503 audit(1261396396.345:195): operation="open" pid=2963 parent=2185 profile="/usr/sbin/tcpdump" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/dev/bus/usb/"
    also there is in its apparmor profile:
    @{PROC}/bus/usb/ r,
    @{PROC}/bus/usb/** r,
    now i have added
    /dev/bus/usb/ r,
    but i think i will comment it out.

    now it has asked also for /dev/usbmon1 , /dev/usbmon2, /dev/usbmon3 .

    may be that is for usb adsl modem ? but mine is not that.


    and i have question about installing programs like skype and google earth. if i open their deb file with archive manager (file-roller...?) and check files in control.tar.gz and data.tar.gz ? as i remember and know there is none installer script in skype package and only one binary file. if there is installer script in control.tar.gz, i should check what they do looking at their code content, i think.

    i runned some programs as root by mistake(?) sometimes even not blocked up with apparmor. now i have deleted /root/ from tunables/home and suggest to you. now i have runned firefox 3.5 with apparmor profile ant /root/ deleted as root, it could not run, i have checked profile, i see it cannot do much, but do you know what it can do so if runs as root.
    unfortunately once i have runned open office as root by mistake in previous installation. now only firefox blocked. now i am going to open files clicking right button first and suggest that to you when working with gksudo nautilus.

  9. #69

    Re: AppArmor Support Thread

    another thing about tcpdump:
    sudo tcpdump -qn > /var/log/tcpdump.log
    says:
    bash: /var/log/tcpdump.log: Permission denied
    and nothing is written by apparmor in log files.

    by the way, why syslog and messages and kern.log contents are partially dublicated? how to make every of log lines written only in one log file?

  10. #70
    Join Date
    Mar 2006
    Location
    Williams Lake
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: AppArmor Support Thread

    You can use the edit button in the lower right of a post to add to it, instead of creating so many posts.

Page 7 of 19 FirstFirst ... 5678917 ... LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •