Page 9 of 12 FirstFirst ... 7891011 ... LastLast
Results 81 to 90 of 112

Thread: Share your AppArmor Profiles

  1. #81
    Join Date
    Aug 2006
    Beans
    82
    Distro
    Kubuntu 13.10 Saucy Salamander

    Re: Share your AppArmor Profiles

    This bug on launchpad confirms what I observed on my machine. How can I modify the Firefox profile to make Flashgot work?

  2. #82
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: Share your AppArmor Profiles

    Quote Originally Posted by tlu View Post
    This bug on launchpad confirms what I observed on my machine. How can I modify the Firefox profile to make Flashgot work?
    You will need to look at the logs

    /var/log/messages

    And edit the firefox profile

    See the apparmor thread for details.

    Introduction to AppArmor
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  3. #83
    Join Date
    Aug 2006
    Beans
    82
    Distro
    Kubuntu 13.10 Saucy Salamander

    Re: Share your AppArmor Profiles

    [QUOTE=bodhi.zazen;9357827]You will need to look at the logs

    /var/log/messages[/QUOTE

    There I find the following entries:

    Code:
    type=1502 audit(1274795059.417:103643):  operation="open" pid=6693 parent=6692 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-59" requested_mask="r::" denied_mask="r::" fsuid=1000 ouid=1000 name="/home/tlu/tmp/flashgot.xxxxx.Default_20User/flashgot.fgt"
    
    type=1502 audit(1274795059.417:103644):  operation="mknod" pid=6695 parent=6693 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-59" requested_mask="c::" denied_mask="c::" fsuid=1000 ouid=1000 name="/home/tlu/tmp/flashgot.xxxxx.Default_20User/flashgot.sh.test"
    
    type=1502 audit(1274795059.417:103645):  operation="open" pid=6695 parent=6693 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-59" requested_mask="wc::" denied_mask="wc::" fsuid=1000 ouid=1000 name="/home/tlu/tmp/flashgot.xxxxx.Default_20User/flashgot.sh.test"
    And edit the firefox profile
    I'm not quite sure how. I understand that Flashgot performs a test with every FF start for the available download managers and writes to the tmp folder. So a rule may look like

    @{HOME}/tmp/** w

    IMHO, but isn't that already covered by

    owner @{HOME}/** w

    ???

  4. #84
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: Share your AppArmor Profiles

    [QUOTE=tlu;9357962]
    Quote Originally Posted by bodhi.zazen View Post
    You will need to look at the logs

    /var/log/messages[/QUOTE

    There I find the following entries:

    Code:
    type=1502 audit(1274795059.417:103643):  operation="open" pid=6693 parent=6692 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-59" requested_mask="r::" denied_mask="r::" fsuid=1000 ouid=1000 name="/home/tlu/tmp/flashgot.xxxxx.Default_20User/flashgot.fgt"
    
    type=1502 audit(1274795059.417:103644):  operation="mknod" pid=6695 parent=6693 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-59" requested_mask="c::" denied_mask="c::" fsuid=1000 ouid=1000 name="/home/tlu/tmp/flashgot.xxxxx.Default_20User/flashgot.sh.test"
    
    type=1502 audit(1274795059.417:103645):  operation="open" pid=6695 parent=6693 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-59" requested_mask="wc::" denied_mask="wc::" fsuid=1000 ouid=1000 name="/home/tlu/tmp/flashgot.xxxxx.Default_20User/flashgot.sh.test"
    I'm not quite sure how. I understand that Flashgot performs a test with every FF start for the available download managers and writes to the tmp folder. So a rule may look like

    @{HOME}/tmp/** w

    IMHO, but isn't that already covered by

    owner @{HOME}/** w

    ???
    Well, those errors are for a "null" , so something was denied x access , thus the "null".

    You will need to either wait for a fix or debug the profile. To debug the profile, the following commands often help

    1. tail -F /var/log/messages

    2. aa-logprof

    3. Put firefox into complain mode.

    Close and restart firefox, browse web pages, and debug errors as they occur in the logs.

    I can not debug the profile for you unless you post

    1. your current firefox profile

    2. ALL the logs, not a snippits or partial logs.

    Please keep in mind , we are all volunteers, so we may not have time to do this for you.
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  5. #85
    Join Date
    Sep 2006
    Location
    France.
    Beans
    Hidden!
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: Share your AppArmor Profiles

    | My old and mostly abandoned blog |
    Linux user #413984 ; Ubuntu user #178
    J'aime les fraises.
    Nighty night me lovelies!

    | Reinstalling Ubuntu ? Please check this bug first ! |
    | Using a ppa ? Please install ppa-purge from universe, you may need it should you want to revert packages back |
    | No support requests / username changes by PM, thanks. |
    [SIGPIC][/SIGPIC]

  6. #86
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: Share your AppArmor Profiles

    Quote Originally Posted by bapoumba View Post
    I am honored, thank you for highlighting Security =)
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  7. #87
    Join Date
    Aug 2006
    Beans
    82
    Distro
    Kubuntu 13.10 Saucy Salamander

    Re: Share your AppArmor Profiles

    Okay, here we go.

    Quote Originally Posted by bodhi.zazen View Post

    Well, those errors are for a "null" , so something was denied x access , thus the "null".

    You will need to either wait for a fix or debug the profile. To debug the profile, the following commands often help

    1. tail -F /var/log/messages

    2. aa-logprof

    3. Put firefox into complain mode.

    Close and restart firefox, browse web pages, and debug errors as they occur in the logs.
    Done.

    I can not debug the profile for you unless you post

    1. your current firefox profile
    Code:
    # vim:syntax=apparmor
    # Author: Jamie Strandboge <jamie@canonical.com>
    
    #include <tunables/global>
    
    /usr/lib/firefox-3.6.5pre/firefox-*bin flags=(complain) {
      #include <abstractions/audio>
      #include <abstractions/base>
      #include <abstractions/cups-client>
      #include <abstractions/dbus>
      #include <abstractions/fonts>
      #include <abstractions/freedesktop.org>
      #include <abstractions/gnome>
      #include <abstractions/kde>
      #include <abstractions/nameservice>
      #include <abstractions/user-tmp>
      #include <abstractions/X>
    
      # for networking
      network inet stream,
      network inet6 stream,
      @{PROC}/[0-9]*/net/if_inet6 r,
      @{PROC}/[0-9]*/net/ipv6_route r,
    
      # should maybe be in abstractions
      /etc/ r,
      /etc/mime.types r,
      /etc/mailcap r,
      /etc/timezone r,
      /etc/wildmidi/wildmidi.cfg r,
      /etc/xdg/xubuntu/applications/defaults.list r,
      /usr/bin/dbus-launch ixr,
      /usr/bin/scim Ux,
      /usr/bin/scim-bridge Ux,
      /usr/bin/apport-bug Ux,
      /usr/local/lib{,32,64}/*.so* mr,
      /usr/lib/gstreamer0.10/gstreamer-0.10/gst-plugin-scanner ix,
      /usr/bin/apturl Uxr,
    
      # firefox specific
      /etc/firefox*/ r,
      /etc/firefox*/** r,
      /etc/xul-ext/** r,
      /etc/xulrunner-1.9*/ r,
      /etc/xulrunner-1.9*/** r,
      /etc/gre.d/ r,
      /etc/gre.d/* r,
    
      # noisy
      deny /usr/lib/firefox-3.6.5pre/** w,
      deny /usr/lib/firefox-addons/** w,
      deny /usr/lib/xulrunner-addons/** w,
      deny /usr/lib/xulrunner-*/components/*.tmp w,
      deny /.suspended r,
      deny /boot/initrd.img* r,
      deny /boot/vmlinuz* r,
    
      # These are needed when a new user starts firefox and firefox.sh is used
      /usr/lib/firefox-3.6.5pre/** ixr,
      /usr/bin/basename ixr,
      /usr/bin/dirname ixr,
      /usr/bin/pwd ixr,
      /sbin/killall5 ixr,
      /bin/which ixr,
      /usr/bin/tr ixr,
      @{PROC}/ r,
      @{PROC}/[0-9]*/cmdline r,
      @{PROC}/[0-9]*/stat r,
      @{PROC}/[0-9]*/status r,
      @{PROC}/filesystems r,
    
      /etc/mtab r,
      /etc/fstab r,
    
      # allow access to documentation and other files the user may want to look
      # at in /usr
      /usr/ r,
      /usr/** r,
    
      # so browsing directories works
      / r,
      /**/ r,
    
      # allow read and write to all user's files, except explicitly denied ones
      @{HOME}/ r,
      @{HOME}/** r,
      owner @{HOME}/** w,
      owner @{HOME}/Desktop/** r,
    
      # removable media and filesystems
      /media/** r,
      /mnt/** r,
      /srv/** r,
      owner /media/** w,
      owner /mnt/** w,
      owner /srv/** w,
    
      #include <abstractions/private-files>
      audit deny @{HOME}/.ssh/** mrwkl,
      audit deny @{HOME}/.gnome2_private/** mrwkl,
    
      # comment this out if using gpg plugin/addons
      audit deny @{HOME}/.gnupg/** mrwkl,
    
      # per-user firefox configuration
      owner @{HOME}/.mozilla/ rw,
      owner @{HOME}/.mozilla/** rw,
      owner @{HOME}/.mozilla/**/*.sqlite* k,
      owner @{HOME}/.mozilla/**/.parentlock k,
      owner @{HOME}/.mozilla/plugins/** rm,
      owner @{HOME}/.mozilla/**/plugins/** rm,
    
      #
      # Extensions
      # /usr/share/.../extensions/... is already covered by '/usr/** r', above.
      # Allow 'x' for downloaded extensions, but inherit policy for safety
      owner @{HOME}/.mozilla/**/extensions/** mixr,
    
      deny /usr/lib/firefox-3.6.5pre/update.test w,
      deny /usr/lib/mozilla/extensions/**/ w,
      deny /usr/lib/xulrunner-addons/extensions/**/ w,
      deny /usr/share/mozilla/extensions/**/ w,
      deny /usr/share/mozilla/ w,
    
      #
      # Plugins/helpers
      #
      @{PROC}/[0-9]*/fd/ r,
      /usr/lib/** rm,
      /bin/bash ixr,
      /bin/dash ixr,
      /bin/grep ixr,
      /bin/sed ixr,
      /bin/ps Uxr,
      /bin/uname Uxr,
      /usr/bin/gnome-codec-install Uxr,
      /usr/bin/m4 ixr,
      /usr/bin/mkfifo Uxr,
      /usr/lib/nspluginwrapper/i386/linux/npviewer Uxr,
      /usr/bin/pulseaudio ixr,
      /var/lib/ r,
      /var/lib/** mr,
    
      # Needed for container to work in xul builds
      /usr/lib/xulrunner-*/plugin-container ixr,
    
      # for maximum plugin/helper compatibility
      #/usr/bin/* Uxr,
      #/usr/lib/*/** ixr,
    
      #
      # For stricter access, comment out the 'maximum plugin/helper compatibility'
      # lines above and uncomment these
      #
    
      # for PDFs
      owner @{HOME}/.adobe/** rw,
      /opt/Adobe/Reader9/bin/acroread Uxr,
      /opt/Adobe/Reader9/** r,
      /usr/bin/evince PUxr,
      /usr/bin/okular Uxr,
    
      # Image viewers
      /usr/bin/eog Uxr,
      /usr/bin/gimp* Uxr,
    
      # Openoffice.org
      /usr/bin/ooffice Uxr,
      /usr/bin/oocalc Uxr,
      /usr/bin/oodraw Uxr,
      /usr/bin/ooimpress Uxr,
      /usr/bin/oowriter Uxr,
      /usr/lib/openoffice/program/soffice Uxr,
    
      # Multimedia
      #include <abstractions/ubuntu-media-players>
      owner @{HOME}/.macromedia/** rw,
      /opt/real/RealPlayer/mozilla/nphelix.so rm,
    
      # Bittorrent clients
      #include <abstractions/ubuntu-bittorrent-clients>
    
      # Archivers
      /usr/bin/ark Uxr,
      /usr/bin/file-roller Uxr,
      /usr/bin/xarchiver Uxr,
    
      # Text editors (It's All Text [https://addons.mozilla.org/en-US/firefox/addon/4125])
      /usr/bin/emacsclient.emacs-snapshot Uxr,
      /usr/bin/emacsclient.emacs22 Uxr,
      /usr/bin/gedit Uxr,
      /usr/bin/vim.gnome Uxr,
      /usr/bin/leafpad Uxr,
      /usr/bin/mousepad Uxr,
    
      # Mozplugger
      /etc/mozpluggerrc r,
      /usr/bin/mozplugger-helper Uxr,
    
      # Java
      @{HOME}/.java/deployment/deployment.properties k,
      /etc/java-*/ r,
      /etc/java-*/** r,
      /usr/lib/jvm/java-6-openjdk/jre/bin/java cx -> firefox_openjdk,
      /usr/lib/jvm/java-*-sun-1.*/jre/bin/java{,_vm} cx -> firefox_java,
      /usr/lib/jvm/java-*-sun-1.*/jre/lib/*/libnp*.so cx -> firefox_java,
      /usr/lib/j2*-ibm/jre/bin/java cx -> firefox_java,
    
      # for mailto:
      #include <abstractions/ubuntu-email>
      #include <abstractions/ubuntu-console-email>
    
      # Terminals for using console applications. These abstractions should ideally
      # have 'ix' to restrct access to what only firefox is allowed to do
      #include <abstractions/ubuntu-gnome-terminal>
    
      # By default, we won't support launching a terminal program in Xterm or
      # KDE's konsole. It opens up too many unnecessary files for most users.
      # People who need this functionality can uncomment the following:
      ##include <abstractions/ubuntu-xterm>
      ##include <abstractions/ubuntu-konsole>
    
      # Miscellaneous (to be abstracted)
      /usr/bin/nautilus Uxr,
      /usr/bin/thunar Uxr,
      /usr/bin/liferea-add-feed Uxr,
    
    
      #
      # Child profiles
      #
    
      # Profile for the supported OpenJDK in Ubuntu. This doesn't require the
      # unfortunate workarounds of the proprietary Javas, so have a separate
      # profile.
    profile firefox_openjdk flags=(complain) {
        #include <abstractions/base>
        #include <abstractions/fonts>
        #include <abstractions/gnome>
        #include <abstractions/kde>
        #include <abstractions/nameservice>
        #include <abstractions/ssl_certs>
        #include <abstractions/user-tmp>
        #include <abstractions/private-files-strict>
    
        network inet stream,
        network inet6 stream,
        @{PROC}/[0-9]*/net/if_inet6 r,
        @{PROC}/[0-9]*/net/ipv6_route r,
    
        /etc/java-*/ r,
        /etc/java-*/** r,
        /etc/lsb-release r,
        /etc/ssl/certs/java/* r,
        /etc/timezone r,
    
        @{PROC}/[0-9]*/ r,
        @{PROC}/[0-9]*/fd/ r,
        @{PROC}/filesystems r,
        /sys/devices/system/cpu/ r,
        /sys/devices/system/cpu/** r,
        /usr/share/** r,
        /var/lib/dbus/machine-id r,
    
        /usr/bin/env ix,
        /usr/lib/jvm/java-6-openjdk/jre/bin/java ix,
        /usr/lib/jvm/java-6-openjdk/jre/lib/i386/client/classes.jsa m,
    
        # Why would java need this?
        deny /usr/bin/gconftool-2 x,
    
        owner @{HOME}/ r,
        owner @{HOME}/** rwk,
      }
    
      # Profile for commercial Javas. These need workarounds to work right (eg
      # Sun's forcing of an executable stack (LP: #535247)).
    profile firefox_java flags=(complain) {
        #include <abstractions/base>
        #include <abstractions/fonts>
        #include <abstractions/gnome>
        #include <abstractions/kde>
        #include <abstractions/nameservice>
        #include <abstractions/ssl_certs>
        #include <abstractions/user-tmp>
        #include <abstractions/private-files-strict>
    
        network inet stream,
        network inet6 stream,
        @{PROC}/[0-9]*/net/if_inet6 r,
        @{PROC}/[0-9]*/net/ipv6_route r,
    
        /etc/java-*/ r,
        /etc/java-*/** r,
        /etc/lsb-release r,
        /etc/ssl/certs/java/* r,
        /etc/timezone r,
    
        @{PROC}/[0-9]*/ r,
        @{PROC}/[0-9]*/fd/ r,
        @{PROC}/filesystems r,
        /sys/devices/system/cpu/ r,
        /sys/devices/system/cpu/** r,
        /usr/share/** r,
        /var/lib/dbus/machine-id r,
    
        /usr/bin/env ix,
        /usr/lib/jvm/java-*-sun-1.*/jre/bin/java{,_vm} ix,
        /usr/lib/jvm/java-*-sun-1.*/jre/lib/i386/client/classes.jsa m,
        /usr/lib/j2*-ibm/jre/bin/java ix,
    
        # noisy, can't write here anyway
        deny /etc/.java/ w,
        deny /etc/.java/** w,
    
        deny /usr/bin/gconftool-2 x,
    
        owner @{HOME}/ r,
        owner @{HOME}/** rwk,
    
        # These are seriously unfortunate, but required due to LP: #535247
        /etc/passwd m,
        owner @{HOME}/.java/**/cache/** m,
        owner /tmp/** m,
        /usr/lib{,32,64}/jvm/**/*.jar mr,
        /usr/share/fonts/** m,
      }
    }
    2. ALL the logs, not a snippits or partial logs.
    Code:
    May 27 19:27:53 HANNIBAL kernel: [ 4615.385020] __ratelimit: 171 callbacks suppressed
    May 27 19:27:53 HANNIBAL kernel: [ 4615.385023] type=1502 audit(1274981273.799:2833):  operation="exec" pid=3863 parent=3862 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin" requested_mask="x::" denied_mask="x::" fsuid=1000 ouid=1000 name="/home/tlu/tmp/flashgot.ho87hudj.Default_20User/flashgot.fgt" name2="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-4a"
    May 27 19:27:53 HANNIBAL kernel: [ 4615.386674] type=1502 audit(1274981273.799:2834):  operation="open" pid=3863 parent=3862 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-4a" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=0 name="/etc/ld.so.cache"
    May 27 19:27:53 HANNIBAL kernel: [ 4615.386701] type=1502 audit(1274981273.799:2835):  operation="open" pid=3863 parent=3862 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-4a" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=0 name="/lib/tls/i686/cmov/libc-2.11.1.so"
    May 27 19:27:53 HANNIBAL kernel: [ 4615.386713] type=1502 audit(1274981273.799:2836):  operation="file_mmap" pid=3863 parent=3862 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-4a" requested_mask="::mr" denied_mask="::mr" fsuid=1000 ouid=0 name="/lib/tls/i686/cmov/libc-2.11.1.so"
    May 27 19:27:53 HANNIBAL kernel: [ 4615.386945] type=1502 audit(1274981273.799:2837):  operation="open" pid=3863 parent=3862 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-4a" requested_mask="r::" denied_mask="r::" fsuid=1000 ouid=1000 name="/home/tlu/tmp/flashgot.ho87hudj.Default_20User/flashgot.fgt"
    May 27 19:27:53 HANNIBAL kernel: [ 4615.387076] type=1502 audit(1274981273.799:2838):  operation="mknod" pid=3864 parent=3863 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-4a" requested_mask="c::" denied_mask="c::" fsuid=1000 ouid=1000 name="/home/tlu/tmp/flashgot.ho87hudj.Default_20User/flashgot.sh.test"
    May 27 19:27:53 HANNIBAL kernel: [ 4615.387096] type=1502 audit(1274981273.799:2839):  operation="open" pid=3864 parent=3863 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-4a" requested_mask="wc::" denied_mask="wc::" fsuid=1000 ouid=1000 name="/home/tlu/tmp/flashgot.ho87hudj.Default_20User/flashgot.sh.test"
    May 27 19:27:53 HANNIBAL kernel: [ 4615.387111] type=1502 audit(1274981273.799:2840):  operation="open" pid=3864 parent=3863 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-4a" requested_mask="::wc" denied_mask="::wc" fsuid=1000 ouid=0 name="/dev/null"
    May 27 19:27:53 HANNIBAL kernel: [ 4615.387264] type=1502 audit(1274981273.799:2841):  operation="exec" pid=3865 parent=3864 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-4a" requested_mask="::x" denied_mask="::x" fsuid=1000 ouid=0 name="/bin/which" name2="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-4a//null-4b"
    May 27 19:27:53 HANNIBAL kernel: [ 4615.387502] type=1502 audit(1274981273.799:2842):  operation="open" pid=3865 parent=3864 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-4a//null-4b" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=0 name="/etc/ld.so.cache"
    May 27 19:34:20 HANNIBAL kernel: [ 5002.259512] [UFW BLOCK] IN=eth0 OUT= MAC=00:1d:7d:ad:8f:1a:00:0f:b5:c9:9f:54:08:00 SRC=63.245.209.92 DST=192.168.0.2 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=443 DPT=37988 WINDOW=0 RES=0x00 RST URGP=0 
    May 27 19:34:20 HANNIBAL kernel: [ 5002.309759] [UFW BLOCK] IN=eth0 OUT= MAC=00:1d:7d:ad:8f:1a:00:0f:b5:c9:9f:54:08:00 SRC=63.245.209.92 DST=192.168.0.2 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=443 DPT=37990 WINDOW=0 RES=0x00 RST URGP=0 
    May 27 19:34:20 HANNIBAL kernel: [ 5002.319601] [UFW BLOCK] IN=eth0 OUT= MAC=00:1d:7d:ad:8f:1a:00:0f:b5:c9:9f:54:08:00 SRC=63.245.209.92 DST=192.168.0.2 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=443 DPT=37989 WINDOW=0 RES=0x00 RST URGP=0 
    May 27 19:34:20 HANNIBAL kernel: [ 5002.337848] [UFW BLOCK] IN=eth0 OUT= MAC=00:1d:7d:ad:8f:1a:00:0f:b5:c9:9f:54:08:00 SRC=63.245.209.92 DST=192.168.0.2 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=443 DPT=37992 WINDOW=0 RES=0x00 RST URGP=0 
    May 27 19:34:21 HANNIBAL kernel: [ 5002.767097] [UFW BLOCK] IN=eth0 OUT= MAC=00:1d:7d:ad:8f:1a:00:0f:b5:c9:9f:54:08:00 SRC=63.245.209.92 DST=192.168.0.2 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=443 DPT=37993 WINDOW=0 RES=0x00 RST URGP=0 
    May 27 19:34:21 HANNIBAL kernel: [ 5003.073328] [UFW BLOCK] IN=eth0 OUT= MAC=00:1d:7d:ad:8f:1a:00:0f:b5:c9:9f:54:08:00 SRC=63.245.209.92 DST=192.168.0.2 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=443 DPT=37995 WINDOW=0 RES=0x00 RST URGP=0 
    May 27 19:34:21 HANNIBAL kernel: [ 5003.094728] [UFW BLOCK] IN=eth0 OUT= MAC=00:1d:7d:ad:8f:1a:00:0f:b5:c9:9f:54:08:00 SRC=63.245.209.92 DST=192.168.0.2 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=443 DPT=37998 WINDOW=0 RES=0x00 RST URGP=0 
    May 27 19:34:21 HANNIBAL kernel: [ 5003.330665] [UFW BLOCK] IN=eth0 OUT= MAC=00:1d:7d:ad:8f:1a:00:0f:b5:c9:9f:54:08:00 SRC=63.245.209.92 DST=192.168.0.2 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=443 DPT=37996 WINDOW=0 RES=0x00 RST URGP=0 
    May 27 19:34:21 HANNIBAL kernel: [ 5003.361158] [UFW BLOCK] IN=eth0 OUT= MAC=00:1d:7d:ad:8f:1a:00:0f:b5:c9:9f:54:08:00 SRC=63.245.209.92 DST=192.168.0.2 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=443 DPT=37999 WINDOW=0 RES=0x00 RST URGP=0 
    May 27 19:34:22 HANNIBAL kernel: [ 5003.822960] [UFW BLOCK] IN=eth0 OUT= MAC=00:1d:7d:ad:8f:1a:00:0f:b5:c9:9f:54:08:00 SRC=63.245.209.92 DST=192.168.0.2 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=443 DPT=38000 WINDOW=0 RES=0x00 RST URGP=0 
    May 27 19:36:31 HANNIBAL kernel: [ 5133.520769] __ratelimit: 171 callbacks suppressed
    May 27 19:36:31 HANNIBAL kernel: [ 5133.520773] type=1502 audit(1274981791.935:2900):  operation="exec" pid=4117 parent=4116 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin" requested_mask="x::" denied_mask="x::" fsuid=1000 ouid=1000 name="/home/tlu/tmp/flashgot.ho87hudj.Default_20User/flashgot.fgt" name2="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-56"
    May 27 19:36:31 HANNIBAL kernel: [ 5133.523085] type=1502 audit(1274981791.935:2901):  operation="open" pid=4117 parent=4116 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-56" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=0 name="/etc/ld.so.cache"
    May 27 19:36:31 HANNIBAL kernel: [ 5133.523124] type=1502 audit(1274981791.935:2902):  operation="open" pid=4117 parent=4116 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-56" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=0 name="/lib/tls/i686/cmov/libc-2.11.1.so"
    May 27 19:36:31 HANNIBAL kernel: [ 5133.523140] type=1502 audit(1274981791.935:2903):  operation="file_mmap" pid=4117 parent=4116 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-56" requested_mask="::mr" denied_mask="::mr" fsuid=1000 ouid=0 name="/lib/tls/i686/cmov/libc-2.11.1.so"
    May 27 19:36:31 HANNIBAL kernel: [ 5133.523471] type=1502 audit(1274981791.935:2904):  operation="open" pid=4117 parent=4116 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-56" requested_mask="r::" denied_mask="r::" fsuid=1000 ouid=1000 name="/home/tlu/tmp/flashgot.ho87hudj.Default_20User/flashgot.fgt"
    May 27 19:36:31 HANNIBAL kernel: [ 5133.523665] type=1502 audit(1274981791.935:2905):  operation="mknod" pid=4118 parent=4117 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-56" requested_mask="c::" denied_mask="c::" fsuid=1000 ouid=1000 name="/home/tlu/tmp/flashgot.ho87hudj.Default_20User/flashgot.sh.test"
    May 27 19:36:31 HANNIBAL kernel: [ 5133.523693] type=1502 audit(1274981791.935:2906):  operation="open" pid=4118 parent=4117 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-56" requested_mask="wc::" denied_mask="wc::" fsuid=1000 ouid=1000 name="/home/tlu/tmp/flashgot.ho87hudj.Default_20User/flashgot.sh.test"
    May 27 19:36:31 HANNIBAL kernel: [ 5133.523714] type=1502 audit(1274981791.935:2907):  operation="open" pid=4118 parent=4117 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-56" requested_mask="::wc" denied_mask="::wc" fsuid=1000 ouid=0 name="/dev/null"
    May 27 19:36:31 HANNIBAL kernel: [ 5133.523937] type=1502 audit(1274981791.935:2908):  operation="exec" pid=4119 parent=4118 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-56" requested_mask="::x" denied_mask="::x" fsuid=1000 ouid=0 name="/bin/which" name2="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-56//null-57"
    May 27 19:36:31 HANNIBAL kernel: [ 5133.524555] type=1502 audit(1274981791.939:2909):  operation="open" pid=4119 parent=4118 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-56//null-57" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=0 name="/etc/ld.so.cache"

    Please keep in mind , we are all volunteers, so we may not have time to do this for you.
    I understand that, and I appreciate your work!
    Last edited by tlu; May 27th, 2010 at 06:45 PM.

  8. #88
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: Share your AppArmor Profiles

    Do you see the "null" in those logs ?

    May 27 19:27:53 HANNIBAL kernel: [ 4615.385023] type=1502 audit(1274981273.799:2833): operation="exec" pid=3863 parent=3862 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin" requested_mask="x::" denied_mask="x::" fsuid=1000 ouid=1000 name="/home/tlu/tmp/flashgot.ho87hudj.Default_20User/flashgot.fgt" name2="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-4a"

    I emphasized that one ^^

    When firefox calls an program, such as /bin/sh or /bin/foo, if your apparmor profile denies access, all the rest of the calls are denied and labeled "null"

    so "firefox-*bin//null-xx"

    The null profile will give all sorts of errors, these are all red herrings.

    You need to fix the original execution denial, the one that triggered all those nulls.

    Since you have not posted that, I can not fix your problem as you have not posted the original denial, the one that triggered all those nulls.
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  9. #89
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: Share your AppArmor Profiles

    Furthermore, your profile is not in complain mode, so if you are having a problem, it is not due to apparmor.
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  10. #90
    Join Date
    Aug 2006
    Beans
    82
    Distro
    Kubuntu 13.10 Saucy Salamander

    Re: Share your AppArmor Profiles

    Quote Originally Posted by bodhi.zazen View Post
    You need to fix the original execution denial, the one that triggered all those nulls.

    Since you have not posted that, I can not fix your problem as you have not posted the original denial, the one that triggered all those nulls.
    Thanks, bodhi.zazen. Here's the complete output:
    Code:
    tail -F /var/log/messages
    May 28 13:12:59 HANNIBAL kernel: [ 4516.753204] type=1502 audit(1275045179.837:246):  operation="open" pid=3728 parent=3727 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-48" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=0 name="/lib/tls/i686/cmov/libc-2.11.1.so"
    May 28 13:12:59 HANNIBAL kernel: [ 4516.753216] type=1502 audit(1275045179.837:247):  operation="file_mmap" pid=3728 parent=3727 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-48" requested_mask="::mr" denied_mask="::mr" fsuid=1000 ouid=0 name="/lib/tls/i686/cmov/libc-2.11.1.so"
    May 28 13:12:59 HANNIBAL kernel: [ 4516.753445] type=1502 audit(1275045179.837:248):  operation="open" pid=3728 parent=3727 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-48" requested_mask="r::" denied_mask="r::" fsuid=1000 ouid=1000 name="/home/tlu/tmp/flashgot.ho87hudj.Default_20User/flashgot.fgt"
    May 28 13:12:59 HANNIBAL kernel: [ 4516.753575] type=1502 audit(1275045179.837:249):  operation="mknod" pid=3730 parent=3728 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-48" requested_mask="c::" denied_mask="c::" fsuid=1000 ouid=1000 name="/home/tlu/tmp/flashgot.ho87hudj.Default_20User/flashgot.sh.test"
    May 28 13:12:59 HANNIBAL kernel: [ 4516.753594] type=1502 audit(1275045179.837:250):  operation="open" pid=3730 parent=3728 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-48" requested_mask="wc::" denied_mask="wc::" fsuid=1000 ouid=1000 name="/home/tlu/tmp/flashgot.ho87hudj.Default_20User/flashgot.sh.test"
    May 28 13:12:59 HANNIBAL kernel: [ 4516.753608] type=1502 audit(1275045179.837:251):  operation="open" pid=3730 parent=3728 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-48" requested_mask="::wc" denied_mask="::wc" fsuid=1000 ouid=0 name="/dev/null"
    May 28 13:12:59 HANNIBAL kernel: [ 4516.753768] type=1502 audit(1275045179.837:252):  operation="exec" pid=3731 parent=3730 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-48" requested_mask="::x" denied_mask="::x" fsuid=1000 ouid=0 name="/bin/which" name2="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-48//null-49"
    May 28 13:12:59 HANNIBAL kernel: [ 4516.754015] type=1502 audit(1275045179.837:253):  operation="open" pid=3731 parent=3730 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-48//null-49" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=0 name="/etc/ld.so.cache"
    May 28 13:27:40 HANNIBAL sudo: pam_sm_authenticate: Called
    May 28 13:27:40 HANNIBAL sudo: pam_sm_authenticate: username = [tlu]
    ^C
    tlu@HANNIBAL:~$ sudo aa-logprof
    Reading log entries from /var/log/messages.
    Updating AppArmor profiles in /etc/apparmor.d.
    tlu@HANNIBAL:~$ tail -F /var/log/messages
    May 28 13:12:59 HANNIBAL kernel: [ 4516.753204] type=1502 audit(1275045179.837:246):  operation="open" pid=3728 parent=3727 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-48" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=0 name="/lib/tls/i686/cmov/libc-2.11.1.so"
    May 28 13:12:59 HANNIBAL kernel: [ 4516.753216] type=1502 audit(1275045179.837:247):  operation="file_mmap" pid=3728 parent=3727 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-48" requested_mask="::mr" denied_mask="::mr" fsuid=1000 ouid=0 name="/lib/tls/i686/cmov/libc-2.11.1.so"
    May 28 13:12:59 HANNIBAL kernel: [ 4516.753445] type=1502 audit(1275045179.837:248):  operation="open" pid=3728 parent=3727 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-48" requested_mask="r::" denied_mask="r::" fsuid=1000 ouid=1000 name="/home/tlu/tmp/flashgot.ho87hudj.Default_20User/flashgot.fgt"
    May 28 13:12:59 HANNIBAL kernel: [ 4516.753575] type=1502 audit(1275045179.837:249):  operation="mknod" pid=3730 parent=3728 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-48" requested_mask="c::" denied_mask="c::" fsuid=1000 ouid=1000 name="/home/tlu/tmp/flashgot.ho87hudj.Default_20User/flashgot.sh.test"
    May 28 13:12:59 HANNIBAL kernel: [ 4516.753594] type=1502 audit(1275045179.837:250):  operation="open" pid=3730 parent=3728 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-48" requested_mask="wc::" denied_mask="wc::" fsuid=1000 ouid=1000 name="/home/tlu/tmp/flashgot.ho87hudj.Default_20User/flashgot.sh.test"
    May 28 13:12:59 HANNIBAL kernel: [ 4516.753608] type=1502 audit(1275045179.837:251):  operation="open" pid=3730 parent=3728 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-48" requested_mask="::wc" denied_mask="::wc" fsuid=1000 ouid=0 name="/dev/null"
    May 28 13:12:59 HANNIBAL kernel: [ 4516.753768] type=1502 audit(1275045179.837:252):  operation="exec" pid=3731 parent=3730 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-48" requested_mask="::x" denied_mask="::x" fsuid=1000 ouid=0 name="/bin/which" name2="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-48//null-49"
    May 28 13:12:59 HANNIBAL kernel: [ 4516.754015] type=1502 audit(1275045179.837:253):  operation="open" pid=3731 parent=3730 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-48//null-49" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=0 name="/etc/ld.so.cache"
    May 28 13:27:40 HANNIBAL sudo: pam_sm_authenticate: Called
    May 28 13:27:40 HANNIBAL sudo: pam_sm_authenticate: username = [tlu]
    May 28 13:32:47 HANNIBAL kernel: [ 5704.841463] __ratelimit: 171 callbacks suppressed
    May 28 13:32:47 HANNIBAL kernel: [ 5704.841467] type=1502 audit(1275046367.925:311):  operation="exec" pid=4179 parent=4178 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin" requested_mask="x::" denied_mask="x::" fsuid=1000 ouid=1000 name="/home/tlu/tmp/flashgot.ho87hudj.Default_20User/flashgot.fgt" name2="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-54"
    May 28 13:32:47 HANNIBAL kernel: [ 5704.843740] type=1502 audit(1275046367.925:312):  operation="open" pid=4179 parent=4178 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-54" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=0 name="/etc/ld.so.cache"
    May 28 13:32:47 HANNIBAL kernel: [ 5704.843779] type=1502 audit(1275046367.925:313):  operation="open" pid=4179 parent=4178 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-54" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=0 name="/lib/tls/i686/cmov/libc-2.11.1.so"
    May 28 13:32:47 HANNIBAL kernel: [ 5704.843796] type=1502 audit(1275046367.925:314):  operation="file_mmap" pid=4179 parent=4178 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-54" requested_mask="::mr" denied_mask="::mr" fsuid=1000 ouid=0 name="/lib/tls/i686/cmov/libc-2.11.1.so"
    May 28 13:32:47 HANNIBAL kernel: [ 5704.844125] type=1502 audit(1275046367.929:315):  operation="open" pid=4179 parent=4178 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-54" requested_mask="r::" denied_mask="r::" fsuid=1000 ouid=1000 name="/home/tlu/tmp/flashgot.ho87hudj.Default_20User/flashgot.fgt"
    May 28 13:32:47 HANNIBAL kernel: [ 5704.844312] type=1502 audit(1275046367.929:316):  operation="mknod" pid=4180 parent=4179 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-54" requested_mask="c::" denied_mask="c::" fsuid=1000 ouid=1000 name="/home/tlu/tmp/flashgot.ho87hudj.Default_20User/flashgot.sh.test"
    May 28 13:32:47 HANNIBAL kernel: [ 5704.844347] type=1502 audit(1275046367.929:317):  operation="open" pid=4180 parent=4179 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-54" requested_mask="wc::" denied_mask="wc::" fsuid=1000 ouid=1000 name="/home/tlu/tmp/flashgot.ho87hudj.Default_20User/flashgot.sh.test"
    May 28 13:32:47 HANNIBAL kernel: [ 5704.844368] type=1502 audit(1275046367.929:318):  operation="open" pid=4180 parent=4179 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-54" requested_mask="::wc" denied_mask="::wc" fsuid=1000 ouid=0 name="/dev/null"
    May 28 13:32:47 HANNIBAL kernel: [ 5704.844599] type=1502 audit(1275046367.929:319):  operation="exec" pid=4181 parent=4180 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-54" requested_mask="::x" denied_mask="::x" fsuid=1000 ouid=0 name="/bin/which" name2="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-54//null-55"
    May 28 13:32:47 HANNIBAL kernel: [ 5704.845427] type=1502 audit(1275046367.929:320):  operation="open" pid=4181 parent=4180 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-54//null-55" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=0 name="/etc/ld.so.cache"
    May 28 13:36:14 HANNIBAL kernel: [ 5911.790337] __ratelimit: 171 callbacks suppressed
    May 28 13:36:14 HANNIBAL kernel: [ 5911.790341] type=1502 audit(1275046574.873:378):  operation="exec" pid=4207 parent=4178 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin" requested_mask="x::" denied_mask="x::" fsuid=1000 ouid=1000 name="/home/tlu/tmp/flashgot.ho87hudj.Default_20User/flashgot-1.fgt" name2="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-60"
    May 28 13:36:14 HANNIBAL kernel: [ 5911.793490] type=1502 audit(1275046574.877:379):  operation="open" pid=4207 parent=4178 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-60" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=0 name="/etc/ld.so.cache"
    May 28 13:36:14 HANNIBAL kernel: [ 5911.793529] type=1502 audit(1275046574.877:380):  operation="open" pid=4207 parent=4178 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-60" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=0 name="/lib/tls/i686/cmov/libc-2.11.1.so"
    May 28 13:36:14 HANNIBAL kernel: [ 5911.793546] type=1502 audit(1275046574.877:381):  operation="file_mmap" pid=4207 parent=4178 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-60" requested_mask="::mr" denied_mask="::mr" fsuid=1000 ouid=0 name="/lib/tls/i686/cmov/libc-2.11.1.so"
    May 28 13:36:14 HANNIBAL kernel: [ 5911.793872] type=1502 audit(1275046574.877:382):  operation="open" pid=4207 parent=4178 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-60" requested_mask="r::" denied_mask="r::" fsuid=1000 ouid=1000 name="/home/tlu/tmp/flashgot.ho87hudj.Default_20User/flashgot-1.fgt"
    May 28 13:36:14 HANNIBAL kernel: [ 5911.794003] type=1502 audit(1275046574.877:383):  operation="open" pid=4210 parent=4207 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-60" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=0 name="/dev/null"
    May 28 13:36:14 HANNIBAL kernel: [ 5911.794125] type=1502 audit(1275046574.877:384):  operation="exec" pid=4210 parent=1 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-60" requested_mask="::x" denied_mask="::x" fsuid=1000 ouid=0 name="/usr/bin/kget" name2="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-60//null-61"
    May 28 13:36:14 HANNIBAL kernel: [ 5911.818437] type=1502 audit(1275046574.902:385):  operation="open" pid=4210 parent=1 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-60//null-61" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=0 name="/usr/lib/libkdeui.so.5.4.0"
    May 28 13:36:14 HANNIBAL kernel: [ 5911.818453] type=1502 audit(1275046574.902:386):  operation="file_mmap" pid=4210 parent=1 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-60//null-61" requested_mask="::mr" denied_mask="::mr" fsuid=1000 ouid=0 name="/usr/lib/libkdeui.so.5.4.0"
    May 28 13:36:14 HANNIBAL kernel: [ 5911.818523] type=1502 audit(1275046574.902:387):  operation="open" pid=4210 parent=1 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-60//null-61" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=0 name="/usr/lib/libkio.so.5.4.0"
    May 28 13:36:20 HANNIBAL kernel: [ 5917.701743] __ratelimit: 5838 callbacks suppressed
    May 28 13:36:20 HANNIBAL kernel: [ 5917.701746] type=1502 audit(1275046580.786:2334):  operation="truncate" pid=4211 parent=1 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-60//null-61" requested_mask="w::" denied_mask="w::" fsuid=1000 ouid=1000 name="/home/tlu/.kde/share/apps/kget/transfers.kgt"
    May 28 13:36:20 HANNIBAL kernel: [ 5917.701798] type=1502 audit(1275046580.786:2335):  operation="open" pid=4211 parent=1 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-60//null-61" requested_mask="wc::" denied_mask="wc::" fsuid=1000 ouid=1000 name="/home/tlu/.kde/share/apps/kget/transfers.kgt"
    May 28 13:36:21 HANNIBAL kernel: [ 5918.283662] type=1502 audit(1275046581.367:2336):  operation="unlink" pid=4211 parent=1 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-60//null-61" requested_mask="d::" denied_mask="d::" fsuid=1000 ouid=1000 name="/home/tlu/.kde/share/apps/kget/checksumsearch/0"
    May 28 13:36:21 HANNIBAL kernel: [ 5918.288437] type=1502 audit(1275046581.373:2337):  operation="mknod" pid=4211 parent=1 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-60//null-61" requested_mask="c::" denied_mask="c::" fsuid=1000 ouid=1000 name="/tmp/ksocket-tlu/kgetNu4211.slave-socket"
    May 28 13:36:21 HANNIBAL kernel: [ 5918.288469] type=1502 audit(1275046581.373:2338):  operation="open" pid=4211 parent=1 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-60//null-61" requested_mask="rwc::" denied_mask="rwc::" fsuid=1000 ouid=1000 name="/tmp/ksocket-tlu/kgetNu4211.slave-socket"
    May 28 13:36:21 HANNIBAL kernel: [ 5918.288504] type=1502 audit(1275046581.373:2339):  operation="unlink" pid=4211 parent=1 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-60//null-61" requested_mask="d::" denied_mask="d::" fsuid=1000 ouid=1000 name="/tmp/ksocket-tlu/kgetNu4211.slave-socket"
    May 28 13:36:21 HANNIBAL kernel: [ 5918.288549] type=1502 audit(1275046581.373:2340):  operation="mknod" pid=4211 parent=1 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-60//null-61" requested_mask="c::" denied_mask="c::" fsuid=1000 ouid=1000 name="/tmp/ksocket-tlu/kgetNu4211.slave-socket"
    May 28 13:36:21 HANNIBAL kernel: [ 5918.311708] type=1502 audit(1275046581.393:2341):  operation="unlink" pid=4211 parent=1 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-60//null-61" requested_mask="d::" denied_mask="d::" fsuid=1000 ouid=1000 name="/tmp/ksocket-tlu/kgetNu4211.slave-socket"
    May 28 13:36:23 HANNIBAL kernel: [ 5920.056800] type=1502 audit(1275046583.142:2342):  operation="truncate" pid=4211 parent=1 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-60//null-61" requested_mask="w::" denied_mask="w::" fsuid=1000 ouid=1000 name="/var/tmp/kdecache-tlu/kpc/kde-icon-cache.updated"
    May 28 13:36:23 HANNIBAL kernel: [ 5920.056826] type=1502 audit(1275046583.142:2343):  operation="open" pid=4211 parent=1 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-60//null-61" requested_mask="wc::" denied_mask="wc::" fsuid=1000 ouid=1000 name="/var/tmp/kdecache-tlu/kpc/kde-icon-cache.updated"
    May 28 13:36:35 HANNIBAL kernel: [ 5932.823483] __ratelimit: 9 callbacks suppressed
    May 28 13:36:35 HANNIBAL kernel: [ 5932.823487] type=1502 audit(1275046595.905:2347):  operation="truncate" pid=4211 parent=1 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-60//null-61" requested_mask="w::" denied_mask="w::" fsuid=1000 ouid=1000 name="/var/tmp/kdecache-tlu/kpc/kde-icon-cache.updated"
    May 28 13:36:35 HANNIBAL kernel: [ 5932.823505] type=1502 audit(1275046595.905:2348):  operation="open" pid=4211 parent=1 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-60//null-61" requested_mask="wc::" denied_mask="wc::" fsuid=1000 ouid=1000 name="/var/tmp/kdecache-tlu/kpc/kde-icon-cache.updated"
    May 28 13:36:41 HANNIBAL kernel: [ 5938.321409] type=1502 audit(1275046601.406:2349):  operation="truncate" pid=4211 parent=1 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-60//null-61" requested_mask="w::" denied_mask="w::" fsuid=1000 ouid=1000 name="/home/tlu/.kde/share/apps/kget/transfers.kgt"
    May 28 13:36:41 HANNIBAL kernel: [ 5938.321475] type=1502 audit(1275046601.406:2350):  operation="open" pid=4211 parent=1 profile="/usr/lib/firefox-3.6.5pre/firefox-*bin//null-60//null-61" requested_mask="wc::" denied_mask="wc::" fsuid=1000 ouid=1000 name="/home/tlu/.kde/share/apps/kget/transfers.kgt"
    Furthermore, your profile is not in complain mode, so if you are having a problem, it is not due to apparmor.
    Sorry, but according to aa-status it's definitely in complain mode:

    Code:
    sudo aa-status
    apparmor module is loaded.
    108 profiles are loaded.
    11 profiles are in enforce mode.
       /sbin/dhclient3
       /usr/bin/evince
       /usr/bin/evince-previewer
       /usr/bin/evince-thumbnailer
       /usr/lib/NetworkManager/nm-dhcp-client.action
       /usr/lib/connman/scripts/dhclient-script
       /usr/lib/cups/backend/cups-pdf
       /usr/sbin/cupsd
       /usr/sbin/mysqld-akonadi
       /usr/sbin/tcpdump
       /usr/share/gdm/guest-session/Xsession
    97 profiles are in complain mode.
       /bin/ping
       /sbin/klogd
       /sbin/syslog-ng
       /sbin/syslogd
       /usr/lib/dovecot/deliver
       /usr/lib/dovecot/dovecot-auth
       /usr/lib/dovecot/imap
       /usr/lib/dovecot/imap-login
       /usr/lib/dovecot/managesieve-login
       /usr/lib/dovecot/pop3
       /usr/lib/dovecot/pop3-login
       /usr/lib/firefox-3.6.5pre/firefox-*bin
       /usr/lib/firefox-3.6.5pre/firefox-*bin//firefox_java
       /usr/lib/firefox-3.6.5pre/firefox-*bin//firefox_openjdk
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-24
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-24//null-25
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-24//null-26
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-24//null-27
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-24//null-28
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-24//null-29
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-24//null-2a
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-24//null-2b
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-24//null-2c
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-24//null-2d
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-24//null-2e
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-24//null-2f
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-30
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-30//null-31
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-30//null-32
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-30//null-33
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-30//null-34
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-30//null-35
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-30//null-36
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-30//null-37
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-30//null-38
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-30//null-39
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-30//null-3a
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-30//null-3b
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-3c
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-3c//null-3d
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-3c//null-3e
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-3c//null-3f
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-3c//null-40
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-3c//null-41
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-3c//null-42
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-3c//null-43
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-3c//null-44
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-3c//null-45
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-3c//null-46
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-3c//null-47
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-48
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-48//null-49
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-48//null-4a
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-48//null-4b
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-48//null-4c
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-48//null-4d
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-48//null-4e
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-48//null-4f
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-48//null-50
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-48//null-51
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-48//null-52
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-48//null-53
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-54
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-54//null-55
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-54//null-56
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-54//null-57
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-54//null-58
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-54//null-59
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-54//null-5a
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-54//null-5b
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-54//null-5c
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-54//null-5d
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-54//null-5e
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-54//null-5f
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-60
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-60//null-61
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-62
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-62//null-63
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-62//null-64
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-62//null-65
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-62//null-66
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-62//null-67
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-62//null-68
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-62//null-69
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-62//null-6a
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-62//null-6b
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-62//null-6c
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-62//null-6d
       /usr/sbin/avahi-daemon
       /usr/sbin/dnsmasq
       /usr/sbin/dovecot
       /usr/sbin/identd
       /usr/sbin/mdnsd
       /usr/sbin/nmbd
       /usr/sbin/nscd
       /usr/sbin/smbd
       /usr/sbin/traceroute
    6 processes have profiles defined.
    2 processes are in enforce mode :
       /sbin/dhclient3 (1226) 
       /usr/sbin/cupsd (1974) 
    4 processes are in complain mode.
       /usr/lib/firefox-3.6.5pre/firefox-*bin (4241) 
       /usr/lib/firefox-3.6.5pre/firefox-*bin//null-60//null-61 (4211) 
       /usr/sbin/avahi-daemon (1154) 
       /usr/sbin/avahi-daemon (1159) 
    0 processes are unconfined but have a profile defined.

Page 9 of 12 FirstFirst ... 7891011 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •