dnsmasq runs unconfined due to starting before apparmor on boot
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
libvirt (Ubuntu) | Fix Released | Wishlist | Jamie Strandboge | |
Bug Description
Binary package hint: dnsmasq
When I start up my virt system the dnsmasq process is not enforced. I set this profile to enforce so it should be enforced. As I understood it, apparmor should start before this process starts.
michael@pessum:~$ sudo aa-status
[sudo] password for michael:
apparmor module is loaded.
30 profiles are loaded.
30 profiles are in enforce mode.
/bin/ping
/sbin/dhclient3
/sbin/klogd
/sbin/syslog-ng
/sbin/syslogd
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/sbin/identd
/usr/
/usr/sbin/mdnsd
/usr/sbin/nmbd
/usr/sbin/nscd
/usr/sbin/smbd
/usr/
/usr/
libvirt-
libvirt-
libvirt-
libvirt-
0 profiles are in complain mode.
6 processes have profiles defined.
5 processes are in enforce mode :
/usr/
libvirt-
libvirt-
libvirt-
libvirt-
0 processes are in complain mode.
1 processes are unconfined but have a profile defined.
/usr/
root@pessum:~# kill 1543
root@pessum:~# dnsmasq
root@pessum:~# aa-status
apparmor module is loaded.
30 profiles are loaded.
30 profiles are in enforce mode.
/bin/ping
/sbin/dhclient3
/sbin/klogd
/sbin/syslog-ng
/sbin/syslogd
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/
/usr/sbin/identd
/usr/
/usr/sbin/mdnsd
/usr/sbin/nmbd
/usr/sbin/nscd
/usr/sbin/smbd
/usr/
/usr/
libvirt-
libvirt-
libvirt-
libvirt-
0 profiles are in complain mode.
6 processes have profiles defined.
6 processes are in enforce mode :
/usr/
/usr/
libvirt-
libvirt-
libvirt-
libvirt-
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: dnsmasq (not installed)
ProcVersionSign
Uname: Linux 2.6.32-21-server x86_64
NonfreeKernelMo
Architecture: amd64
Date: Sat May 1 16:56:35 2010
InstallationMedia: Ubuntu-Server 10.04 "Lucid Lynx" - Alpha amd64 (20100404)
ProcEnviron:
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: dnsmasq
visibility: | private → public |
summary: |
- dnsmasq not enforced by apparmor on boot
+ dnsmasq runs unconfined due to starting before apparmor on boot |
Changed in libvirt (Ubuntu): | |
status: | Incomplete → Triaged |
Changed in libvirt (Ubuntu): | |
importance: | Undecided → Wishlist |
Changed in libvirt (Ubuntu): | |
status: | Triaged → In Progress |
Changed in libvirt (Ubuntu): | |
milestone: | none → natty-alpha-2 |
Changed in libvirt (Ubuntu): | |
status: | In Progress → Fix Committed |
Thank you for reporting a bug. How did you enable the profile? Assuming you enabled the profile to load on boot with 'aa-enforce', you can expect to have to restart the daemon immediately after loading the profile. After a reboot, it should be in enforce mode.
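An added example, not part of the original report or its comments and not aa-status's own code: a check for the condition shown in the first `aa-status` output, a process running unconfined although a loaded profile is named after its executable. The `/usr/sbin/dnsmasq`, `/usr/sbin/nscd` and `/bin/bash` paths and the fixture layout are constructed, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: report processes that are unconfined even though a loaded
# AppArmor profile is named after their executable path.

# has_profile LIST EXE -> exit 0 if LIST has a line "EXE (mode)"
has_profile() {
    awk -v exe="$2" '{ sub(/ \([a-z]+\)$/, "") }
                     $0 == exe { found = 1 }
                     END { exit !found }' "$1"
}

# unconfined_with_profile [LIST] [PROC_ROOT] -> prints "PID EXE" per hit.
# Both arguments are overridable so the check can run against a fixture.
unconfined_with_profile() {
    local list=${1:-/sys/kernel/security/apparmor/profiles}
    local proc=${2:-/proc} dir exe label
    for dir in "$proc"/[0-9]*; do
        exe=$(readlink "$dir/exe" 2>/dev/null) || continue      # kernel thread or no access
        label=$(cat "$dir/attr/current" 2>/dev/null) || continue
        [ "$label" = "unconfined" ] || continue                  # already confined
        if has_profile "$list" "$exe"; then
            printf '%s %s\n' "${dir##*/}" "$exe"
        fi
    done
    return 0
}

# Constructed fixture modelled on the report: the daemon (PID 1543) started
# before its profile was loaded, nscd started afterwards, and a shell has no
# profile at all. Paths are assumptions, not taken from the truncated output.
make_fixture() {
    local root; root=$(mktemp -d)
    printf '%s\n' '/usr/sbin/dnsmasq (enforce)' '/usr/sbin/nscd (enforce)' > "$root/profiles"
    mkdir -p "$root/proc/1543/attr" "$root/proc/1600/attr" "$root/proc/1700/attr"
    ln -s /usr/sbin/dnsmasq "$root/proc/1543/exe"
    echo unconfined > "$root/proc/1543/attr/current"
    ln -s /usr/sbin/nscd "$root/proc/1600/exe"
    echo '/usr/sbin/nscd (enforce)' > "$root/proc/1600/attr/current"
    ln -s /bin/bash "$root/proc/1700/exe"
    echo unconfined > "$root/proc/1700/attr/current"
    echo "$root"
}

fixture=$(make_fixture)
unconfined_with_profile "$fixture/profiles" "$fixture/proc"
rm -rf "$fixture"
```

Calling `unconfined_with_profile` with no arguments as root checks the live system; any process it lists has to be restarted after the profile is loaded before it becomes confined.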