[network-manager] Apparmor DENIALs
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
snappy-hwe-snaps |
Fix Released
|
Medium
|
Simon Fels |
Bug Description
While testing the latest NM (1.2.2-11, r115) snap on a Dell IoT gateway ( see below for image details ), a review of NM's log messages in syslog show a apparmor denials being generated by the config hook:
Mar 17 23:47:12 localhost kernel: [ 84.821804] audit: type=1400 audit(148979443
Mar 17 23:47:12 localhost kernel: [ 84.823748] audit: type=1400 audit(148979443
Mar 17 23:47:12 localhost kernel: [ 84.823986] audit: type=1400 audit(148979443
Mar 17 23:47:12 localhost kernel: [ 84.844777] audit: type=1400 audit(148979443
Another set looks involve nmcli:
Mar 17 23:49:09 localhost kernel: [ 201.327213] audit: type=1400 audit(148979454
[log message above repeated 9 more times]
Then a further three denials are see after:
Mar 17 22:56:30 HGPLB02 kernel: [ 37.345676] audit: type=1400 audit(148979139
Mar 17 22:56:35 HGPLB02 kernel: [ 42.417241] audit: type=1400 audit(148979139
Mar 17 22:56:35 HGPLB02 kernel: [ 42.536214] audit: type=1400 audit(148979139
Here's my snap configuration:
admin@HGPLB02:~$ snap list
Name Version Rev Developer Notes
alsa-utils 1.1.2-5 68 canonical -
bluez 5.37-2 15 canonical -
caracalla 16.04-1.17 22 canonical -
caracalla-kernel 4.4.0 27 canonical -
core 16-2 1441 canonical -
locationd 3.0.0+16.
modem-manager 1.6.2-3 39 canonical -
network-manager 1.2.2-11 115 canonical -
snapweb 0.21.2 24 canonical -
tpm2 1.0-4 18 canonical -
udisks2 2.1.7-7 60 canonical -
uefi-fw-tools 1.2.1-0.7.2+git 3 canonical -
wifi-ap 13 93 canonical -
summary: |
- [Snap] NetworkManager miscellaneous Apparmor errors + NetworkManager miscellaneous Apparmor errors |
summary: |
- NetworkManager miscellaneous Apparmor errors + [network-manager] miscellaneous Apparmor DENIALs |
description: | updated |
description: | updated |
summary: |
- [network-manager] miscellaneous Apparmor DENIALs + [network-manager] Apparmor DENIALs |
description: | updated |
description: | updated |
ptrace ones can be ignored. Others are because of https:/ /bugs.launchpad .net/snappy/ +bug/1644573 and https:/ /bugs.launchpad .net/snappy/ +bug/1648427 for the relevant upstream bugs.
However for a clean log we should see what causes the ptrace denial and get it fixed to have the logs free of this.