
Thread: AppArmor Support Thread

  1. #131

    Re: AppArmor Support Thread

    Thank you. logrotate asks for /usr/sbin/proftpd (x), /var/run/proftpd.pid (I think rwk), /etc/proftpd/** (r), /usr/lib/apache2/mpm-worker/apache2 (x). I have now added apache and proftpd with Px. I hope it did not execute them in complain mode.

    Why are there these logs at system start? This is from today; other days may differ:
    Code:
    Aug  4 06:55:58 dinar-desktop kernel: [    4.908385] type=1505 audit(1280904932.165:2): operation="profile_load" pid=383 name=/bin/netstat
    Aug  4 06:55:58 dinar-desktop kernel: [    4.951065] type=1505 audit(1280904932.205:3): operation="profile_load" pid=384 name=/bin/ping
    Aug  4 06:55:58 dinar-desktop kernel: [    4.974530] type=1505 audit(1280904932.229:4): operation="profile_load" pid=385 name=/etc/cron.daily/awffull
    Aug  4 06:55:58 dinar-desktop kernel: [    5.007439] type=1505 audit(1280904932.261:5): operation="profile_load" pid=386 name=/etc/cron.daily/logrotate
    Aug  4 06:55:58 dinar-desktop kernel: [    5.039473] type=1505 audit(1280904932.293:6): operation="profile_load" pid=387 name=/etc/cron.daily/slocate.cron
    Aug  4 06:55:58 dinar-desktop kernel: [    5.053068] type=1505 audit(1280904932.309:7): operation="profile_load" pid=388 name=/etc/cron.daily/tmpwatch
    Aug  4 06:55:58 dinar-desktop kernel: [    5.082692] type=1505 audit(1280904932.337:8): operation="profile_load" pid=389 name=/etc/init.d/amavis
    Aug  4 06:55:58 dinar-desktop kernel: [    5.106370] type=1505 audit(1280904932.361:9): operation="profile_load" pid=390 name=/etc/init.d/clamav-daemon
    Aug  4 06:55:58 dinar-desktop kernel: [    5.110278] type=1505 audit(1280904932.365:10): operation="profile_load" pid=391 name=/etc/init.d/clamav-freshclam
    Aug  4 06:55:58 dinar-desktop kernel: [    5.748447] __ratelimit: 111 callbacks suppressed
    Aug  4 06:55:58 dinar-desktop kernel: [    5.748455] type=1505 audit(1280904933.005:48): operation="profile_load" pid=425 name=/usr/bin/gajim
    Aug  4 06:55:58 dinar-desktop kernel: [    5.776960] type=1505 audit(1280904933.033:49): operation="profile_load" pid=426 name=/usr/bin/ghex2
    Aug  4 06:55:58 dinar-desktop kernel: [    5.784703] type=1505 audit(1280904933.041:50): operation="profile_load" pid=427 name=/usr/bin/gimp-2.*
    Aug  4 06:55:58 dinar-desktop kernel: [    5.789306] type=1505 audit(1280904933.045:51): operation="profile_load" pid=428 name=/usr/bin/gossip
    Aug  4 06:55:58 dinar-desktop kernel: [    5.799475] type=1505 audit(1280904933.053:52): operation="profile_load" pid=429 name=/usr/bin/icecast
    Aug  4 06:55:58 dinar-desktop kernel: [    5.811557] type=1505 audit(1280904933.065:53): operation="profile_load" pid=430 name=/usr/bin/icecast2
    Aug  4 06:55:58 dinar-desktop kernel: [    5.829942] type=1505 audit(1280904933.085:54): operation="profile_load" pid=431 name=/usr/bin/ices2
    Aug  4 06:55:58 dinar-desktop kernel: [    5.834723] type=1505 audit(1280904933.089:55): operation="profile_load" pid=432 name=/usr/bin/konqueror
    Aug  4 06:55:58 dinar-desktop kernel: [    5.850446] type=1505 audit(1280904933.105:56): operation="profile_load" pid=433 name=/usr/bin/kopete
    Aug  4 06:55:58 dinar-desktop kernel: [    5.862958] type=1505 audit(1280904933.117:57): operation="profile_load" pid=434 name=/usr/bin/liveice
    ...
    ...
    Aug  4 06:55:58 dinar-desktop kernel: [   30.864252] type=1505 audit(1280890558.121:162): operation="profile_replace" pid=1230 name=/bin/netstat
    Aug  4 06:55:58 dinar-desktop kernel: [   30.868229] type=1505 audit(1280890558.125:163): operation="profile_replace" pid=1231 name=/bin/ping
    Aug  4 06:55:58 dinar-desktop kernel: [   30.872185] type=1505 audit(1280890558.129:164): operation="profile_replace" pid=1232 name=/etc/cron.daily/awffull
    Aug  4 06:55:58 dinar-desktop kernel: [   30.945018] type=1505 audit(1280890558.201:165): operation="profile_replace" pid=1233 name=/etc/cron.daily/logrotate
    Aug  4 06:55:58 dinar-desktop kernel: [   30.949303] type=1505 audit(1280890558.205:166): operation="profile_replace" pid=1245 name=/etc/cron.daily/slocate.cron
    Aug  4 06:55:58 dinar-desktop kernel: [   30.953068] type=1505 audit(1280890558.209:167): operation="profile_replace" pid=1246 name=/etc/cron.daily/tmpwatch
    Aug  4 06:55:58 dinar-desktop kernel: [   30.956893] type=1505 audit(1280890558.213:168): operation="profile_replace" pid=1247 name=/etc/init.d/amavis
    Aug  4 06:55:58 dinar-desktop kernel: [   30.960764] type=1505 audit(1280890558.217:169): operation="profile_replace" pid=1248 name=/etc/init.d/clamav-daemon
    Aug  4 06:55:58 dinar-desktop kernel: [   30.991635] type=1505 audit(1280890558.245:170): operation="profile_replace" pid=1249 name=/etc/init.d/clamav-freshclam
    Aug  4 06:55:58 dinar-desktop kernel: [   30.995578] type=1505 audit(1280890558.249:171): operation="profile_replace" pid=1250 name=/etc/init.d/ejabberd
    I have checked with aa-status; these are not the only profiles loaded.

    And I ask again what is in post #124: what is the cache directory (and why are there such file names and file times)?

  2. #132
    Join Date
    Feb 2010
    Location
    Chicago metro
    Beans
    1,310
    Distro
    Ubuntu Development Release

    Re: AppArmor Support Thread

    I am having trouble with the profile for firefox-4.0. The profile is not in /etc/apparmor.d/disable, yet when I restart, the profile is not loaded and I have to load it explicitly. Then if I restart apparmor, it is no longer loaded. What am I doing wrong?

    EDIT: after a couple of reboots it does now load on its own.
    Code:
    ats@M3A32-MVP:~$ sudo apparmor_parser -r /etc/apparmor.d/usr.bin.firefox-4.0
    ats@M3A32-MVP:~$ sudo /etc/init.d/apparmor status
    /usr/lib/firefox-4.0b6pre/firefox{,*[^s][^h]} (enforce)
    /usr/lib/firefox-4.0b6pre/firefox{,*[^s][^h]}//browser_openjdk (enforce)
    /usr/lib/firefox-4.0b6pre/firefox{,*[^s][^h]}//browser_java (enforce)
    /usr/bin/evince-thumbnailer (enforce)
    /usr/bin/evince-previewer (enforce)
    /usr/bin/evince (enforce)
    /usr/lib/firefox-3.6.9/firefox-*bin (enforce)
    /usr/lib/firefox-3.6.9/firefox-*bin//browser_openjdk (enforce)
    /usr/lib/firefox-3.6.9/firefox-*bin//browser_java (enforce)
    /usr/sbin/tcpdump (enforce)
    /usr/sbin/mysqld-akonadi (enforce)
    /usr/sbin/cupsd (enforce)
    /usr/lib/cups/backend/cups-pdf (enforce)
    /usr/lib/connman/scripts/dhclient-script (enforce)
    /usr/lib/NetworkManager/nm-dhcp-client.action (enforce)
    /sbin/dhclient3 (enforce)
    /usr/share/gdm/guest-session/Xsession (enforce)
    ats@M3A32-MVP:~$ sudo /etc/init.d/apparmor restart
     * Reloading AppArmor profiles                                           [ OK ] 
    ats@M3A32-MVP:~$ sudo /etc/init.d/apparmor status
    /usr/bin/evince-thumbnailer (enforce)
    /usr/bin/evince-previewer (enforce)
    /usr/bin/evince (enforce)
    /usr/lib/firefox-3.6.9/firefox-*bin (enforce)
    /usr/lib/firefox-3.6.9/firefox-*bin//browser_openjdk (enforce)
    /usr/lib/firefox-3.6.9/firefox-*bin//browser_java (enforce)
    /usr/sbin/tcpdump (enforce)
    /usr/sbin/mysqld-akonadi (enforce)
    /usr/sbin/cupsd (enforce)
    /usr/lib/cups/backend/cups-pdf (enforce)
    /usr/lib/connman/scripts/dhclient-script (enforce)
    /usr/lib/NetworkManager/nm-dhcp-client.action (enforce)
    /sbin/dhclient3 (enforce)
    /usr/share/gdm/guest-session/Xsession (enforce)
    ats@M3A32-MVP:~$
    Last edited by andrewthomas; September 14th, 2010 at 02:42 PM. Reason: added info
    If this helped you, please take the time to rate the value of this post:
    http://rate.affero.net/andrewthomas/

  3. #133
    Join Date
    Feb 2010
    Location
    Chicago metro
    Beans
    1,310
    Distro
    Ubuntu Development Release

    Re: AppArmor Support Thread

    Transmission does not seem to work right with the profile loaded. I get many messages such as:
    Code:
    apparmor="DENIED" operation="open" parent=1 profile="/usr/bin/transmission" name="/var/lib/dbus/machine-id" pid=2643 comm="transmission" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
    apparmor="DENIED" operation="exec" parent=2643 profile="/usr/bin/transmission" name="/usr/bin/pulseaudio" pid=7729 comm="transmission" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
    apparmor="DENIED" operation="open" parent=1 profile="/usr/bin/transmission" name="/var/lib/dbus/machine-id" pid=2643 comm="transmission" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
    apparmor="DENIED" operation="exec" parent=2643 profile="/usr/bin/transmission" name="/usr/bin/pulseaudio" pid=7731 comm="transmission" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
    What is the harm in allowing access to the above?

  4. #134
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: AppArmor Support Thread

    Quote Originally Posted by andrewthomas View Post
    Transmission does not seem to work right with the profile loaded. I get many messages such as:
    Code:
    apparmor="DENIED" operation="open" parent=1 profile="/usr/bin/transmission" name="/var/lib/dbus/machine-id" pid=2643 comm="transmission" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
    apparmor="DENIED" operation="exec" parent=2643 profile="/usr/bin/transmission" name="/usr/bin/pulseaudio" pid=7729 comm="transmission" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
    apparmor="DENIED" operation="open" parent=1 profile="/usr/bin/transmission" name="/var/lib/dbus/machine-id" pid=2643 comm="transmission" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
    apparmor="DENIED" operation="exec" parent=2643 profile="/usr/bin/transmission" name="/usr/bin/pulseaudio" pid=7731 comm="transmission" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
    What is the harm in allowing access to the above?
    Harm ? Apparmor should not harm anything.

    If the application is working to your satisfaction you do not need to do anything further.

    If the application is not working, you will need to allow access.

    Other than that, there are two strategies ->

    1. Allow minimal access. This may fill your logs (with "false positives").

    2. Allow all normal access, this will quiet your logs, you then will find any alerts you receive meaningful (reduce false positives).

    The second strategy is helpful if you wish to monitor your logs or use apparmor-notify

    http://packages.ubuntu.com/lucid/apparmor-notify
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  5. #135
    Join Date
    Feb 2010
    Location
    Chicago metro
    Beans
    1,310
    Distro
    Ubuntu Development Release

    Re: AppArmor Support Thread

    Quote Originally Posted by bodhi.zazen View Post
    Harm ? Apparmor should not harm anything.
    What I should have said is:

    1. Should I grant read access on /var/lib/dbus/machine-id?
    2. Why would pulseaudio access be necessary?

  6. #136
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: AppArmor Support Thread

    Quote Originally Posted by andrewthomas View Post
    What I should have said is:

    1. Should I grant read access on /var/lib/dbus/machine-id?

    Only you can decide that, honestly, as long as the application is working ... Depends on how full you want your logs to be vs how quiet you want aa to run.

    If you are going to monitor your logs, IMO, make them as quiet as possible.


    2. Why would pulseaudio access be necessary?
    Well pulse audio is necessary for sound. Perhaps playing a theme sound ? If you really want to know, use strace.

  7. #137
    Join Date
    Jan 2008
    Location
    USA
    Beans
    971
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: AppArmor Support Thread

    Quote Originally Posted by andrewthomas View Post
    I am having trouble with the profile for firefox-4.0. The profile is not in /etc/apparmor.d/disable, yet when I restart, the profile is not loaded and I have to load it explicitly. Then if I restart apparmor, it is no longer loaded. What am I doing wrong?
    I don't know if this is the cause of your problem, but you need to go through that profile and change all "3.6.9" entries to "4.*".
    Occam's Razor for computers: Viruses must never be postulated without necessity -- nevius

    My Blog

  8. #138
    Join Date
    Feb 2010
    Location
    Chicago metro
    Beans
    1,310
    Distro
    Ubuntu Development Release

    Re: AppArmor Support Thread

    Quote Originally Posted by rookcifer View Post
    I don't know if this is the cause of your problem, but you need to go through that profile and change all "3.6.9" entries to "4.*".
    They are two separate profiles. A reboot fixed the problem
    Quote Originally Posted by andrewthomas View Post
    EDIT: after a couple of reboots it does now load on its own.
    Code:
    ats@M3A32-MVP:~$ sudo apparmor_parser -r /etc/apparmor.d/usr.bin.firefox-4.0
    ats@M3A32-MVP:~$ sudo /etc/init.d/apparmor status
    /usr/lib/firefox-4.0b6pre/firefox{,*[^s][^h]} (enforce)
    /usr/lib/firefox-4.0b6pre/firefox{,*[^s][^h]}//browser_openjdk (enforce)
    /usr/lib/firefox-4.0b6pre/firefox{,*[^s][^h]}//browser_java (enforce)
    /usr/bin/evince-thumbnailer (enforce)
    /usr/bin/evince-previewer (enforce)
    /usr/bin/evince (enforce)
    /usr/lib/firefox-3.6.9/firefox-*bin (enforce)
    /usr/lib/firefox-3.6.9/firefox-*bin//browser_openjdk (enforce)
    /usr/lib/firefox-3.6.9/firefox-*bin//browser_java (enforce)

  9. #139
    MountainX's Avatar
    Join Date
    Jan 2008
    Location
    A place with no mountains
    Beans
    1,610
    Distro
    Kubuntu

    Re: AppArmor Support Thread

    I posted this question earlier, but I'm reposting here because I think this thread is a better place to ask my question.

    I want to solve the apparmor="DENIED" messages from Firefox.

    I'm looking for the quick/easy solution right now. Time doesn't permit me to study apparmor in detail at the moment. In cookbook style, what changes should I make to eliminate these messages?

    [15006.769069] type=1400 audit(999999.533:28): apparmor="DENIED" operation="open" parent=1 profile="/usr/lib/firefox-4.0b8pre/firefox{,*[^s][^h]}" name=XXX_REALLY_LONG_XXX pid=3503 comm="firefox-4.0-bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000

    [15112.077815] type=1400 audit(999999.834:41): apparmor="DENIED" operation="open" parent=1 profile="/usr/lib/firefox-4.0b8pre/firefox{,*[^s][^h]}" name=XXX_REALLY_LONG_XXX pid=3515 comm="firefox-4.0-bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000

    [15129.784227] type=1400 audit(9999999.543:45): apparmor="DENIED" operation="mknod" parent=1 profile="/usr/lib/firefox-4.0b8pre/firefox{,*[^s][^h]}" name="/my/downloads/Software/ubuntu-10.10-dvd-amd64.iso" pid=2035 comm="firefox-4.0-bin" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
    Desktop: KX Studio (Kubuntu 12.04)
    Laptop & Netbook: Kubuntu 12.04
    Tablet: Samsung Galaxy Tab 10.1
    Phone: Nexus 4 Cyanogenmod

  10. #140
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: AppArmor Support Thread

    Quote Originally Posted by MountainX View Post
    I posted this question earlier, but I'm reposting here because I think this thread is a better place to ask my question.

    I want to solve the apparmor="DENIED" messages from Firefox.

    I'm looking for the quick/easy solution right now. Time doesn't permit me to study apparmor in detail at the moment. In cookbook style, what changes should I make to eliminate these messages?

    [15006.769069] type=1400 audit(999999.533:28): apparmor="DENIED" operation="open" parent=1 profile="/usr/lib/firefox-4.0b8pre/firefox{,*[^s][^h]}" name=XXX_REALLY_LONG_XXX pid=3503 comm="firefox-4.0-bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000

    [15112.077815] type=1400 audit(999999.834:41): apparmor="DENIED" operation="open" parent=1 profile="/usr/lib/firefox-4.0b8pre/firefox{,*[^s][^h]}" name=XXX_REALLY_LONG_XXX pid=3515 comm="firefox-4.0-bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000

    [15129.784227] type=1400 audit(9999999.543:45): apparmor="DENIED" operation="mknod" parent=1 profile="/usr/lib/firefox-4.0b8pre/firefox{,*[^s][^h]}" name="/my/downloads/Software/ubuntu-10.10-dvd-amd64.iso" pid=2035 comm="firefox-4.0-bin" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
    Well, if your time is limited, I would first ask, why fix the problem then ? Are these denials preventing you from using firefox ?

    Second, each denial is likely an edit to the firefox profile. You will need to post the exact denials, unedited, or learn how to configure apparmor yourself. In other words, I can not tell you how to fix the problem as you edited the denials and did not post the raw data.
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface
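
The replies in posts #134, #136 and #140 come down to the same step: each unique denial is a candidate profile edit that someone has to decide on, and an edited log line cannot be turned into one. The Python below is an added example, not written by any poster here and not code from the AppArmor project; it reduces denial lines like those quoted in this thread to de-duplicated candidate rules per profile and sets aside exec denials and unusable name fields for a manual decision. The function names and the sixth sample line are assumptions made for the example.

```python
import re
from collections import defaultdict

# Sample input: lines 1-5 are copied from the posts above; line 6 is constructed
# to show a hex-encoded name (it decodes to "/home/u/my file").
SAMPLE_LOG = '''\
apparmor="DENIED" operation="open" parent=1 profile="/usr/bin/transmission" name="/var/lib/dbus/machine-id" pid=2643 comm="transmission" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
apparmor="DENIED" operation="exec" parent=2643 profile="/usr/bin/transmission" name="/usr/bin/pulseaudio" pid=7729 comm="transmission" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
apparmor="DENIED" operation="open" parent=1 profile="/usr/bin/transmission" name="/var/lib/dbus/machine-id" pid=2643 comm="transmission" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[15006.769069] type=1400 audit(999999.533:28): apparmor="DENIED" operation="open" parent=1 profile="/usr/lib/firefox-4.0b8pre/firefox{,*[^s][^h]}" name=XXX_REALLY_LONG_XXX pid=3503 comm="firefox-4.0-bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
[15129.784227] type=1400 audit(9999999.543:45): apparmor="DENIED" operation="mknod" parent=1 profile="/usr/lib/firefox-4.0b8pre/firefox{,*[^s][^h]}" name="/my/downloads/Software/ubuntu-10.10-dvd-amd64.iso" pid=2035 comm="firefox-4.0-bin" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
apparmor="DENIED" operation="open" parent=1 profile="/usr/bin/transmission" name=2F686F6D652F752F6D792066696C65 pid=2643 comm="transmission" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
'''

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Mask letters seen in logs -> profile permission; create (c) and delete (d) need w.
PERM = {"r": "r", "w": "w", "a": "a", "c": "w", "d": "w", "k": "k", "l": "l", "m": "m"}

def parse_denial(line):
    """Return (profile, path, mask) for a DENIED line; path is None if unusable."""
    fields = {k: (raw or quoted, bool(raw)) for k, quoted, raw in FIELD.findall(line)}
    if fields.get("apparmor", ("",))[0] != "DENIED" or "name" not in fields:
        return None
    path, bare = fields["name"]
    if bare:  # unquoted: the audit layer hex-encodes names with special characters
        try:
            path = bytes.fromhex(path).decode()
        except ValueError:  # not hex, e.g. redacted by whoever pasted the line
            path = None
    return fields.get("profile", ("?",))[0], path, fields.get("denied_mask", ("",))[0]

def suggest_rules(log_text):
    """Return (candidate rules, items needing a human decision), each keyed by profile."""
    rules, review = defaultdict(set), defaultdict(set)
    for parsed in filter(None, map(parse_denial, log_text.splitlines())):
        profile, path, mask = parsed
        perms = "".join(sorted({PERM[m] for m in mask if m in PERM}))
        if path is None:
            review[profile].add("name not usable: the raw, unedited log line is needed")
        elif "x" in mask or not perms:
            review[profile].add(f"{path}: mask {mask!r}, decide by hand (exec needs ix/Px/Cx or deny)")
        else:
            rules[profile].add(f'"{path}" {perms},' if " " in path else f"{path} {perms},")
    return ({p: sorted(v) for p, v in rules.items()},
            {p: sorted(v) for p, v in review.items()})

if __name__ == "__main__":
    rules, review = suggest_rules(SAMPLE_LOG)
    for profile in sorted(set(rules) | set(review)):
        print(f"# profile {profile}")
        print("\n".join(["  " + r for r in rules.get(profile, [])] +
                        ["  # REVIEW " + r for r in review.get(profile, [])]))
```

An explicit deny rule is the other way to quiet a known denial without granting the access; aa-logprof from apparmor-utils walks through the same choices interactively.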
