
Thread: [SOLVED] Netstat ptrace capability denied at boot time (new behaviour)

  1. #1

    [SOLVED] Netstat ptrace capability denied at boot time (new behaviour)

    I am getting these new apparmor messages at boot time on 12.04 server as of a few days ago:

    kernel: type=1400 audit(1363187474.753:96): apparmor="DENIED" operation="ptrace" parent=1263 profile="/bin/netstat" pid=1266 comm="netstat" target=601C

    I don't know why this behaviour has changed, what process is calling netstat at boot time, why it would need ptrace, what the target process is, or whether I should be concerned.
    Last edited by sambhogi; March 13th, 2013 at 06:43 PM. Reason: issue resolved

  2. #2

    Re: Netstat ptrace capability denied at boot time (new behaviour)

    I have verified on another instance that this is normal under the default apparmor profile when netstat is invoked with -p. The most likely explanation for the new behaviour is that the bin.ping apparmor profile was previously unenforced, although I don't have logs going back far enough to verify this hypothesis.
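
Added example, not part of the original thread: a small Python parser for AppArmor audit records in the format quoted in post #1, which pulls out the fields needed to triage such a denial (profile, operation, pid, parent pid, event time). The function names and the second, ALLOWED sample line are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed sample input: line 1 is the record quoted in the thread,
# line 2 is a made-up ALLOWED record used to show the filtering.
SAMPLE_LOG = '''\
kernel: type=1400 audit(1363187474.753:96): apparmor="DENIED" operation="ptrace" parent=1263 profile="/bin/netstat" pid=1266 comm="netstat" target=601C
kernel: type=1400 audit(1363187480.100:97): apparmor="ALLOWED" operation="open" parent=1 profile="/usr/sbin/example" name="/etc/hosts" pid=1300 comm="example"
'''

# audit(<epoch seconds>.<milliseconds>:<serial>):
AUDIT_HDR = re.compile(r'type=(\d+) audit\((\d+)\.(\d+):(\d+)\):')
# key=value pairs; values are either double-quoted or a bare token
KEY_VALUE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_apparmor_record(line):
    """Return a dict of fields for one AppArmor audit line, or None."""
    header = AUDIT_HDR.search(line)
    if header is None or 'apparmor=' not in line:
        return None
    rec = {k: v.strip('"') for k, v in KEY_VALUE.findall(line[header.end():])}
    rec['type'] = int(header.group(1))
    rec['serial'] = int(header.group(4))
    rec['time'] = datetime.fromtimestamp(int(header.group(2)), tz=timezone.utc)
    for key in ('pid', 'parent'):
        if key in rec:
            rec[key] = int(rec[key])
    return rec


def denials(log_text):
    """All records whose verdict is DENIED, in log order."""
    parsed = (parse_apparmor_record(line) for line in log_text.splitlines())
    return [r for r in parsed if r and r.get('apparmor') == 'DENIED']


def summarize(log_text):
    """Count denials per (profile, operation) to spot new or noisy rules."""
    return Counter((r['profile'], r['operation']) for r in denials(log_text))


if __name__ == '__main__':
    for r in denials(SAMPLE_LOG):
        print(r['time'].isoformat(), r['profile'], r['operation'],
              'pid=%d parent=%d' % (r['pid'], r['parent']))
    print(dict(summarize(SAMPLE_LOG)))
```

The `parent` field is the PID of the process that launched the confined program, so it only identifies the caller if that PID can still be matched to a process or to other log entries from the same boot.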
