apparmor="DENIED" operation="file_mmap"

Bug #1571508 reported by Thomas Gegenheimer on 2016-04-18
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)
Undecided
Unassigned

Bug Description

Hi,

I installed apparmor in Ubuntu 16.04 for apache.
After I setup my usr.sbin.apache2 I now only get one Error in the logs, but I get that Error very often:

[769345.866276] audit: type=1400 audit(1460960479.211:13736): apparmor="DENIED" operation="file_mmap" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/apache2//owncloud" name="" pid=23422 comm="apache2" requested_mask="r" denied_mask="r" fsuid=33 ouid=33

I couldn't find anything about that error with name="".
What could that be about?

Seth Arnold (seth-arnold) wrote :

Hello, can you try modifying your apache apparmor profile to use "flags=(attach_disconnected)"?

It'd be something like changing:

/usr/sbin/apache2 {

to:

/usr/sbin/apache2 flags=(attach_disconnected) {

Then reload with apparmor_parser --replace /etc/apparmor.d/usr.sbin.apache2

Once that's done, could you report the new DENIED lines?

Thanks

Should I also use "flags=(attach_disconnected)" at ^owncloud or only at /usr/sbin/apache2?

I put the flag at /usr/sbin/apache2 and ^owncloud and now I get no DENIED lines...
Is that a good result?

What does that flag mean?

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers