Denying capability sys_ptrace logs a denial
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
apparmor (Ubuntu) | Invalid | Undecided | Unassigned | |
Bug Description
The AppArmor profile [1] I use for Pidgin has this to deny ptrace:
deny capability sys_ptrace,
yet when I execute the binary, I get this log message:
kernel: [ 6457.580652] type=1400 audit(139087543
It behaves as if the "audit" qualifier was used.
$ lsb_release -rd
Description: Ubuntu Trusty Tahr (development branch)
Release: 14.04
$ apt-cache policy apparmor
apparmor:
Installed: 2.8.0-0ubuntu38
Candidate: 2.8.0-0ubuntu38
Version table:
*** 2.8.0-0ubuntu38 0
500 http://
100 /var/lib/
1: https:/
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: apparmor 2.8.0-0ubuntu38
ProcVersionSign
Uname: Linux 3.13.0-5-generic x86_64
ApportVersion: 2.13.2-0ubuntu2
Architecture: amd64
CurrentDesktop: Unity
Date: Mon Jan 27 21:31:31 2014
InstallationDate: Installed on 2014-01-26 (1 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Alpha amd64 (20140124)
ProcKernelCmdline: BOOT_IMAGE=
SourcePackage: apparmor
UpgradeStatus: No upgrade log present (probably fresh install)
I confused "sys_ptrace" with "ptrace". Simply adding "deny ptrace," along with "deny capability sys_ptrace," makes the denial logs go away.
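
The following is an added example, not part of the original report or of AppArmor itself. It maps AppArmor denial records to the rule class that mediates them, which shows why a `capability` rule does not cover a record whose operation is `ptrace`. The log lines are constructed (the log line in the report is truncated) and assume the usual kernel audit key=value layout; the function names are hypothetical.

```python
import re

# Constructed sample records in the AppArmor kernel audit layout; the
# timestamps, pids and peer are made up for illustration.
SAMPLE_LOG = '''\
kernel: [ 100.000001] type=1400 audit(1390000000.001:10): apparmor="DENIED" operation="ptrace" profile="/usr/bin/pidgin" pid=2001 comm="pidgin" requested_mask="trace" denied_mask="trace" peer="unconfined"
kernel: [ 100.000002] type=1400 audit(1390000000.002:11): apparmor="DENIED" operation="capable" profile="/usr/bin/pidgin" pid=2001 comm="pidgin" capability=19 capname="sys_ptrace"
kernel: [ 100.000003] type=1400 audit(1390000000.003:12): apparmor="ALLOWED" operation="open" profile="/usr/bin/pidgin" name="/etc/hosts" pid=2001 comm="pidgin" requested_mask="r" denied_mask="r"
'''

# key="quoted value" or key=bare_value
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_record(line):
    """Return the key=value fields of one AppArmor audit line, or None."""
    if 'apparmor=' not in line:
        return None
    body = line[line.index('apparmor='):]
    return {k: (q if q else u) for k, q, u in FIELD_RE.findall(body)}


def rule_for_denial(fields):
    """Map a DENIED record to the rule class that mediates it."""
    if fields.get('apparmor') != 'DENIED':
        return None
    op = fields.get('operation')
    if op == 'capable':
        # Capability check: covered by a "capability" rule.
        return 'deny capability %s,' % fields['capname']
    if op == 'ptrace':
        # ptrace mediation is a separate rule class from the capability.
        return 'deny ptrace,'
    return None  # other mediation classes are out of scope here


def silencing_rules(log_text):
    """Return, in first-seen order, the deny rules matching each denial."""
    rules = []
    for line in log_text.splitlines():
        fields = parse_record(line)
        rule = rule_for_denial(fields) if fields else None
        if rule and rule not in rules:
            rules.append(rule)
    return rules


if __name__ == '__main__':
    for rule in silencing_rules(SAMPLE_LOG):
        print(rule)
```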