aa-logprof asks for already existing network rules

Bug #1380367 reported by Christian Boltz on 2014-10-12

Bug Description

# cat /etc/apparmor.d/home.sys-tmp.ping
# Last Modified: Sun Oct 12 20:37:55 2014
#include <tunables/global>

/home/sys-tmp/ping flags=(complain) {
  #include <abstractions/base>

  capability net_raw,

  network inet dgram,
  network inet raw,

  /etc/resolv.conf r,
  /home/sys-tmp/ping mr,
  /run/nscd/* r,
}

Nevertheless aa-logprof asks to add those network rules: (I still have the audit.log of creating that profile, that's why I have log entries about them.)

# aa-logprof
Reading log entries from /var/log/audit/audit.log.
Updating AppArmor profiles in /etc/apparmor.d.
Complain-mode changes:

Profile: /home/sys-tmp/ping
Network Family: inet
Socket Type: dgram

[(A)llow] / (D)eny / (I)gnore / Audi(t) / Abo(r)t / (F)inish
Adding network access inet dgram to profile.

Profile: /home/sys-tmp/ping
Network Family: inet
Socket Type: raw

[(A)llow] / (D)eny / (I)gnore / Audi(t) / Abo(r)t / (F)inish
Adding network access inet raw to profile.

= Changed Local Profiles =

Needless to say that those "additions" don't change anything in the profile because the rules were already there.
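
The check this report expects before a prompt is shown, as an added example (not aa-logprof's own code and not the r2764 fix): it parses the allow-type network rules of a profile and drops logged events they already cover. Assumptions: a simplified `network [family] [type],` syntax, `#include` files are not resolved, and all function names are hypothetical.

```python
import re

# Constructed sample: lines of the ping profile from the report, closed with a brace.
PROFILE = """\
/home/sys-tmp/ping flags=(complain) {
  #include <abstractions/base>
  capability net_raw,
  network inet dgram,
  network inet raw,
  /etc/resolv.conf r,
}
"""
# "packet" is left out on purpose: it is also a family name, so it is read as one.
SOCK_TYPES = {"stream", "dgram", "seqpacket", "rdm", "raw"}
RULE_RE = re.compile(r"^\s*(?:audit\s+)?(deny\s+)?network\b([^,#]*),")

def allowed_network_rules(profile_text):
    """Return (family, sock_type) pairs for allow rules; None is a wildcard."""
    rules = []
    for line in profile_text.splitlines():
        m = RULE_RE.match(line)
        if not m or m.group(1):          # not a network rule, or a deny rule
            continue
        family = sock_type = None
        understood = True
        for word in m.group(2).split():
            if word in SOCK_TYPES and sock_type is None:
                sock_type = word
            elif family is None and sock_type is None:
                family = word
            else:                        # e.g. a protocol: stay conservative
                understood = False
        if understood:
            rules.append((family, sock_type))
    return rules

def is_covered(rules, family, sock_type):
    """True if an existing allow rule already grants this socket access."""
    return any(f in (None, family) and t in (None, sock_type) for f, t in rules)

def events_needing_rules(profile_text, events):
    """Keep only the logged (family, sock_type) events that are not yet allowed."""
    rules = allowed_network_rules(profile_text)
    return [e for e in events if not is_covered(rules, *e)]

# Constructed events: the two prompts from the report plus one new access.
LOGGED = [("inet", "dgram"), ("inet", "raw"), ("inet6", "raw")]
if __name__ == "__main__":
    print(events_needing_rules(PROFILE, LOGGED))
```

Rules the parser does not fully understand (for example one naming a protocol) are treated as covering nothing, so the check can only produce a redundant prompt, never hide a needed one.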

Christian Boltz (cboltz) wrote :

Fixed in bzr r2764.

Changed in apparmor:
milestone: none → 2.9.1
status: New → Fix Committed
Steve Beattie (sbeattie) wrote :

AppArmor 2.9.1 has been released, closing.

Changed in apparmor:
status: Fix Committed → Fix Released