Ubuntu
apparmor package

apparmor="DENIED" operation="file_mmap"

Bug #1571508 reported by Thomas Gegenheimer
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

Hi,

I installed apparmor in Ubuntu 16.04 for apache.
After I setup my usr.sbin.apache2 I now only get one Error in the logs, but I get that Error very often:

[769345.866276] audit: type=1400 audit(1460960479.211:13736): apparmor="DENIED" operation="file_mmap" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/apache2//owncloud" name="" pid=23422 comm="apache2" requested_mask="r" denied_mask="r" fsuid=33 ouid=33

I couldn't find anything about that error with name="".
What could that be about?

Revision history for this message
Seth Arnold (seth-arnold) wrote :

Hello, can you try modifying your apache apparmor profile to use "flags=(attach_disconnected)"?

It'd be something like changing:

/usr/sbin/apache2 {

to:

/usr/sbin/apache2 flags=(attach_disconnected) {

Then reload with apparmor_parser --replace /etc/apparmor.d/usr.sbin.apache2

Once that's done, could you report the new DENIED lines?

Thanks

Revision history for this message
Thomas Gegenheimer (t-gegenheimer-b) wrote :

Should I also use "flags=(attach_disconnected)" at ^owncloud or only at /usr/sbin/apache2?

I put the flag at /usr/sbin/apache2 and ^owncloud and now I get no DENIED lines...
Is that a good result?

What does that flag mean?

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in apparmor (Ubuntu):
status: New → Confirmed
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.