cupsd cause apparmor denials for /etc/ld.so.preload
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
apparmor (Ubuntu) | Confirmed | Undecided | Unassigned | |
snapd (Ubuntu) | Triaged | Medium | Unassigned | |
Bug Description
There is a constant flood of messages in dmesg:
[ 4431.638163] audit: type=1400 audit(146096251
[ 4431.661208] audit: type=1400 audit(146096251
[ 4431.661390] audit: type=1400 audit(146096251
[ 4431.661759] audit: type=1400 audit(146096251
[ 4431.661936] audit: type=1400 audit(146096251
[ 4431.661937] audit: type=1400 audit(146096251
[ 4431.662534] audit: type=1400 audit(146096251
[ 5081.410342] audit: type=1400 audit(146096316
[ 5081.446507] audit: type=1400 audit(146096316
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: cups-daemon 2.1.3-4
ProcVersionSign
Uname: Linux 4.4.0-18-generic x86_64
ApportVersion: 2.20.1-0ubuntu2
Architecture: amd64
CupsErrorLog:
CurrentDesktop: X-Cinnamon
Date: Mon Apr 18 10:56:37 2016
EcryptfsInUse: Yes
InstallationDate: Installed on 2013-07-19 (1003 days ago)
InstallationMedia: Xubuntu 13.04 "Raring Ringtail" - Release i386 (20130423.1)
Lpstat: device for Generic-PCL-5e: socket:
MachineType: LENOVO 4298R86
Papersize: a4
PpdFiles: Error: command ['fgrep', '-H', '*NickName', '/etc/cups/
ProcKernelCmdLine: BOOT_IMAGE=
SourcePackage: cups
UpgradeStatus: Upgraded to xenial on 2015-10-29 (171 days ago)
dmi.bios.date: 12/01/2011
dmi.bios.vendor: LENOVO
dmi.bios.version: 8DET56WW (1.26 )
dmi.board.
dmi.board.name: 4298R86
dmi.board.vendor: LENOVO
dmi.board.version: Not Available
dmi.chassis.
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.
dmi.modalias: dmi:bvnLENOVO:
dmi.product.name: 4298R86
dmi.product.
dmi.sys.vendor: LENOVO
modified.
# Cups configure options
# LOAD_LP_MODULE: enable/disable to load "lp" parallel printer driver module
# LOAD_LP_MODULE has migrated to /etc/modules-
# LOAD_LP_MODULE=yes
mtime.conffile.
George Shuklin (george-shuklin) wrote : | #1 |
- CurrentDmesg.txt (82.5 KiB, text/plain; charset="utf-8")
- Dependencies.txt (5.5 KiB, text/plain; charset="utf-8")
- JournalErrors.txt (36.2 KiB, text/plain; charset="utf-8")
- KernLog.txt (15.3 KiB, text/plain; charset="utf-8")
- Locale.txt (352 bytes, text/plain; charset="utf-8")
- Lspci.txt (10.6 KiB, text/plain; charset="utf-8")
- Lsusb.txt (856 bytes, text/plain; charset="utf-8")
- PrintingPackages.txt (1.1 KiB, text/plain; charset="utf-8")
- ProcCpuinfo.txt (3.6 KiB, text/plain; charset="utf-8")
- ProcEnviron.txt (313 bytes, text/plain; charset="utf-8")
- ProcInterrupts.txt (2.5 KiB, text/plain; charset="utf-8")
- ProcModules.txt (4.8 KiB, text/plain; charset="utf-8")
- UdevDb.txt (163.0 KiB, text/plain; charset="utf-8")
Till Kamppeter (till-kamppeter) wrote : | #2 |
Changed in cups (Ubuntu): | |
status: | New → Incomplete |
George Shuklin (george-shuklin) wrote : | #3 |
It causes a significant message flood in dmesg.
dmesg |grep cupsd|wc -l
117
Changed in cups (Ubuntu): | |
status: | Incomplete → New |
summary: |
- cupds cause apparmor denials for /etc/ld.so.preload + cupsd cause apparmor denials for /etc/ld.so.preload |
Martin (martin3000) wrote : | #4 |
Same here....
Martin (martin3000) wrote : | #5 |
It happened after I installed ESET NOD32.
Till Kamppeter (till-kamppeter) wrote : | #6 |
OdyX, Jamie, Marc, should we simply allow cupsd to access /etc/ld.so.preload? Or are there any security reasons against it? If there are reasons against it, how can we silence these messages?
Jamie Strandboge (jdstrand) wrote : | #7 |
/etc/ld.so.preload should be a site-specific file (ie, it shouldn't come from Ubuntu). I wouldn't want to break people by adding an explicit deny, but I'd prefer users encountering this to update their /etc/apparmor.
/etc/ld.so.preload r,
Or if people just want to silence it and not allow it:
deny /etc/ld.so.preload r,
Then run: sudo apparmor_parser -r /etc/apparmor.
(note that the file to apparmor_parser is not the one that was modified)
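Added example (not part of the thread and not AppArmor's own tooling): a small Python triage script for the `dmesg | grep DENIED` output discussed in this bug. It counts denials per profile and target and, for plain read/write file denials, prints the two rule forms from comment #7 (allow, or `deny` to silence without allowing). The sample lines are constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample input in the shape the kernel prints AppArmor events to
# dmesg. Timestamps, pids, audit serials and the last two targets are made up.
SAMPLE_DMESG = """\
[ 4431.638163] audit: type=1400 audit(1460962514.100:101): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/etc/ld.so.preload" pid=2101 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[ 4431.661208] audit: type=1400 audit(1460962514.120:102): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/etc/ld.so.preload" pid=2102 comm="dbus" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[ 4431.700000] audit: type=1400 audit(1460962514.200:103): apparmor="DENIED" operation="connect" profile="/usr/sbin/cupsd" name="/tmp/esets.sock" pid=2101 comm="cupsd" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
[ 4431.710000] audit: type=1400 audit(1460962514.210:104): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name=2F746D702F612062 pid=2101 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[ 4431.720000] audit: type=1400 audit(1460962514.220:105): apparmor="DENIED" operation="connect" profile="/usr/sbin/cupsd" pid=2101 comm="cupsd" family="unix" sock_type="stream" protocol=0 requested_mask="send receive connect" denied_mask="send receive connect" addr=none peer_addr="@example" peer="unconfined"
[ 4431.800000] audit: type=1400 audit(1460962514.300:106): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=2200 comm="apparmor_parser"
[ 4432.000000] usb 1-1: new high-speed USB device number 4 using xhci_hcd
"""

# key="quoted value" or key=bare_value
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
HEX_RE = re.compile(r'(?:[0-9A-Fa-f]{2})+')
RW_ONLY = re.compile(r'[rw]+')


def parse_denial(line):
    """Return the key=value fields of one AppArmor DENIED line, else None."""
    if 'apparmor="DENIED"' not in line:
        return None
    fields = {}
    for key, quoted, bare in FIELD_RE.findall(line):
        value = bare if bare else quoted
        # The audit subsystem prints a string unquoted and hex-encoded when it
        # contains a space, quote or control byte. Only 'name' is decoded here,
        # because bare numeric fields such as pid can look like hex too.
        if key == "name" and bare and HEX_RE.fullmatch(bare):
            value = bytes.fromhex(bare).decode("utf-8", "replace")
        fields[key] = value
    return fields


def summarize(text):
    """Count denials per (profile, operation, target, denied_mask)."""
    counts = Counter()
    for line in text.splitlines():
        d = parse_denial(line)
        if d is None:
            continue
        target = d.get("name") or d.get("peer_addr") or "-"
        key = (d.get("profile", "?"), d.get("operation", "?"),
               target, d.get("denied_mask", ""))
        counts[key] += 1
    return counts


def candidate_rules(target, denied_mask):
    """Return (allow_rule, deny_rule) for a plain r/w file denial.

    Anything else (unix socket mediation, exec, link, lock, odd characters)
    returns None: those need a human to read the denial.
    """
    if not target.startswith("/") or '"' in target:
        return None
    if not RW_ONLY.fullmatch(denied_mask):
        return None
    perms = "".join(sorted(set(denied_mask)))          # "wr" -> "rw"
    path = f'"{target}"' if re.search(r"\s", target) else target
    return f"{path} {perms},", f"deny {path} {perms},"


def report(text):
    """One line per distinct denial, most frequent first."""
    out = []
    for (profile, op, target, mask), n in summarize(text).most_common():
        rules = candidate_rules(target, mask)
        hint = (f"allow: {rules[0]}  silence: {rules[1]}"
                if rules else "review manually")
        out.append(f"{n:4d}  {profile}  {op}  {target}  [{mask}]  {hint}")
    return out


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_DMESG)))
```

Grouping shows whether a flood is one denial repeated or many distinct ones, which decides whether a single line in the abstraction is enough.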
Seth Arnold (seth-arnold) wrote : | #8 |
Jamie, note that we added /etc/ld.so.preload to <abstractions/base> in the upstream project:
http://
It's a pity AppArmor SRUs take so much effort. :(
Thanks
Till Kamppeter (till-kamppeter) wrote : | #9 |
Seth, this means then that this is an AppArmor bug and not a CUPS bug.
Moving ...
affects: | cups (Ubuntu) → apparmor (Ubuntu) |
Edson José dos Santos (serial.com) wrote : | #10 |
I'm having the same problem with Ubuntu 18.10 Cosmic after installing Eset for Linux 4.90
The logs follow:
09/11/2018 00:14:11 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
09/11/2018 00:13:40 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
09/11/2018 00:00:56 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
09/11/2018 00:00:25 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
09/11/2018 00:00:25 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
09/11/2018 00:00:25 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
09/11/2018 00:00:25 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
09/11/2018 00:00:25 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
09/11/2018 00:00:25 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
09/11/2018 00:00:25 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
09/11/2018 00:00:25 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
09/11/2018 00:00:25 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
09/11/2018 00:00:25 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
08/11/2018 23:15:51 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
08/11/2018 23:15:20 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
08/11/2018 23:15:00 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
08/11/2018 23:14:35 Media control access Cannot unblock removable media (org.freedeskto
08/11/2018 22:43:48 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
08/11/2018 22:43:17 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
08/11/2018 22:42:54 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
08/11/2018 22:42:33 Media control access Cannot unblock removable media (org.freedeskto
08/11/2018 22:41:30 ESET Daemon Cannot read from socket: Connection reset by peer
08/11/2018 22:41:29 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
08/11/2018 22:33:06 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
08/11/2018 22:32:35 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
08/11/2018 21:34:46 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
08/11/2018 21:34:15 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
08/11/2018 20:36:26 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
08/11/2018 20:35:55 Preload library access control Cannot con...
Seth Arnold (seth-arnold) wrote : | #11 |
Edson, you have a different issue.
If you want to use ESET then you should add:
/tmp/esets.sock rw,
to the /etc/apparmor.
sudo systemctl reload apparmor
Thanks
Edson José dos Santos (serial.com) wrote : | #12 |
Hello Seth Arnold
How do I run this: "/tmp/esets.sock rw" since Eset is already installed?
The same happens to this: to the /etc/apparmor.
This I run it: sudo systemctl reload apparmor
I am a beginner in Linux; if I do this, will the error messages disappear from the startup and from Eset Antivirus for Linux version 4.90?
Grateful for the attention
Edson Santos
Seth Arnold (seth-arnold) wrote : Re: [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload | #13 |
On Sat, Nov 10, 2018 at 06:35:10PM -0000, Edson José dos Santos wrote:
> How do I run this: "/tmp/esets.sock rw" since Eset is already installed?
>
> The same happens to this: to the /etc/apparmor.
> and run:
>
> This I run it: sudo systemctl reload apparmor
>
> I am a beginner and linux and if this happens the error messages will
> disappear from the startup and Eset Antivirus for linux version 4.90?
Hello Edson,
Use your favourite text editor (as root) to modify
/etc/apparmor.
Add at the end of the file this line:
/tmp/esets.sock rw,
Be sure to keep the comma.
Save the file, then run:
sudo systemctl reload apparmor
This will at least allow all confined processes that use this abstraction
to communicate with the antivirus daemon. There may be confined processes
on your system that don't use this file, but this should get many of them.
If the ESET code injected into every process on your system requires
further resources, you may need to make more modifications.
Thanks
Edson José dos Santos (serial.com) wrote : | #14 |
Hello Arnold
I followed the request, but I did not succeed.
The messages continue (!) See:
15/02/2019 19:20:24 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
15/02/2019 19:19:53 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
15/02/2019 19:17:51 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
15/02/2019 19:17:35 Media control access Cannot unblock removable media (org.freedeskto
15/02/2019 19:16:17 Preload library access control Cannot read from socket: Connection reset by peer
15/02/2019 19:16:12 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
15/02/2019 19:15:43 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
According to the Eset literature it is necessary to disable appArmor and I will not do it.
I'm going to play the boat until ESET can make updates available so that both can talk peacefully without conflict.
Anyway thank you very much and if you have another solution for this I look forward to your return.
Seth Arnold (seth-arnold) wrote : | #15 |
Hello Edson, what's the output of:
dmesg | grep DENIED
Thanks
Edson José dos Santos (serial.com) wrote : | #16 |
Follow the requested Arnold
edson@edson-
[ 30.061074] audit: type=1400 audit(155026543
[ 32.337797] audit: type=1400 audit(155026543
[ 32.337801] audit: type=1400 audit(155026543
[ 32.337814] audit: type=1400 audit(155026543
[ 42.094120] audit: type=1400 audit(155026544
[ 42.094132] audit: type=1400 audit(155026544
[ 42.094169] audit: type=1400 audit(155026544
[ 42.132804] audit: type=1400 audit(155026544
[ 42.132808] audit: type=1400 audit(155026544
[ 42.132870] audit: type=1400 audit(155026544
[ 67.244394] audit: type=1400 audit(155026547
[ 189.097514] audit: type=1400 audit(155026559
Seth Arnold (seth-arnold) wrote : | #17 |
Hello Edson,
Please add these lines to your /etc/apparmor.
/etc/opt/eset/ r,
/etc/opt/eset/** r,
/opt/
unix (connect, send, receive) peer=(addr=
Then sudo /etc/init.
If that appeared to work fine, then reboot.
I expect we'll probably see more once you've done these.
Thanks
Edson José dos Santos (serial.com) wrote : | #18 |
- recorded and saved text (175.3 KiB, image/png)
Hello Arnold
I followed his indication, but the denied permission messages continue, before and after the reboot. Follow the texts and the images so that you can analyze them.
edson@edson-
[sudo] senha para edson:
root@edson-
malloc_
Abortado (imagem do núcleo gravada)
root@edson-
[ ok ] Reloading apparmor configuration (via systemctl): apparmor.service.
root@edson-
The image of the procedure performed in the attached terminal follows.
The image of the antivirus with permission message denied after procedure follows.
Follows the image of the antivirus and the text below after reboot
16/02/2019 01:19:17 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
16/02/2019 01:18:46 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
16/02/2019 01:18:18 ESET Daemon /usr/bin/python3.7 - CREATE - Long scan time:8sec [ts:Sat Feb 16 01:18:10 2019 te:Sat Feb 16 01:18:18 2019] for /tmp/apport_
16/02/2019 01:17:35 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
16/02/2019 01:17:13 Media control access Cannot unblock removable media (org.freedeskto
16/02/2019 01:14:53 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
Edson José dos Santos (serial.com) wrote : | #19 |
Edson José dos Santos (serial.com) wrote : | #20 |
Edson José dos Santos (serial.com) wrote : | #21 |
- Status after reboot (199.3 KiB, image/png)
Status after reboot
16/02/2019 01:22:13 Preload library access control Unknown opened directory on descriptor 206
16/02/2019 01:22:13 Preload library access control Unknown opened directory on descriptor 232
16/02/2019 01:22:13 Preload library access control Unknown opened directory on descriptor 206
16/02/2019 01:22:13 Preload library access control Unknown opened directory on descriptor 232
16/02/2019 01:22:13 Preload library access control Unknown opened directory on descriptor 206
16/02/2019 01:22:13 Preload library access control Unknown opened directory on descriptor 237
16/02/2019 01:22:13 Preload library access control Unknown opened directory on descriptor 232
16/02/2019 01:22:13 Preload library access control Unknown opened directory on descriptor 179
16/02/2019 01:22:13 Preload library access control Unknown opened directory on descriptor 204
16/02/2019 01:22:13 Preload library access control Unknown opened directory on descriptor 179
16/02/2019 01:22:13 Preload library access control Unknown opened directory on descriptor 204
16/02/2019 01:22:13 Preload library access control Unknown opened directory on descriptor 179
16/02/2019 01:22:13 Preload library access control Unknown opened directory on descriptor 204
16/02/2019 01:22:13 Preload library access control Unknown opened directory on descriptor 204
16/02/2019 01:22:13 Preload library access control Unknown opened directory on descriptor 179
16/02/2019 01:22:13 Preload library access control Unknown opened directory on descriptor 204
16/02/2019 01:22:13 Preload library access control Unknown opened directory on descriptor 180
16/02/2019 01:19:17 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
16/02/2019 01:18:46 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
16/02/2019 01:18:18 ESET Daemon /usr/bin/python3.7 - CREATE - Long scan time:8sec [ts:Sat Feb 16 01:18:10 2019 te:Sat Feb 16 01:18:18 2019] for /tmp/apport_
16/02/2019 01:17:35 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
16/02/2019 01:17:13 Media control access Cannot unblock removable media (org.freedeskto
16/02/2019 01:14:53 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
Seth Arnold (seth-arnold) wrote : | #22 |
Hello Edson, thanks for the reply; can you re-run this command and paste back the results?
dmesg | grep DENIED
Thanks
Edson José dos Santos (serial.com) wrote : | #23 |
- grep DENIED (1.1 MiB, image/png)
Hello Arnold
Follow the requested
This time the entries denied decreased.
edson@edson-
[ 47.001504] audit: type=1400 audit(155031446
[ 55.196236] audit: type=1400 audit(155031446
[ 66.759547] audit: type=1400 audit(155031448
[ 107.199091] audit: type=1400 audit(155031452
[ 138.263638] audit: type=1400 audit(155031455
edson@edson-
Thank you
Seth Arnold (seth-arnold) wrote : | #24 |
Hello Edson,
Are all those messages after adding this rule to your abstractions/base?
unix (connect, send, receive) peer=(addr=
Thanks
Edson José dos Santos (serial.com) wrote : | #25 |
Hello Arnold
Are all those messages after adding this rule to your abstractions/base?
Answer: EXACT
What to do with this low line?
unix (connect, send, receive) peer = (addr = "@ 2F746D702F65736
Is she the problem?
Thanks
Seth Arnold (seth-arnold) wrote : | #27 |
Alright, I don't know why that line didn't work. Replace it with this one:
unix,
It's a lot more open than I'd like, but I don't know why the more specific rule didn't work. So, let's try this.
Thanks
Edson José dos Santos (serial.com) wrote : | #28 |
Hi Arnold,
Is it the same correct procedure?
/etc/apparmor.
unix (connect, send, receive) peer = (addr = "@ 2F746D702F65736
Then sudo /etc/init.
If that appeared to work fine, then reboot.
Thanks
Seth Arnold (seth-arnold) wrote : | #29 |
On Mon, Feb 18, 2019 at 01:26:02PM -0000, Edson José dos Santos wrote:
> Is it the same correct procedure?
>
> /etc/apparmor.
>
> unix (connect, send, receive) peer = (addr = "@
> 2F746D702F65736
>
> Then sudo /etc/init.
> If that appeared to work fine, then reboot.
yes, same procedure :)
Thanks
Edson José dos Santos (serial.com) wrote : | #30 |
Line replaced successfully:
From: unix (connect, send, receive) peer=(addr=
To: unix (connect, send, receive) peer = (addr = "@ 2F746D702F65736
At the moment of saving with: sudo /etc/init.
I tried doing it again without restarting and the procedure was not allowed.
I'll restart and see how it went.
Thank you
Edson José dos Santos (serial.com) wrote : | #31 |
Hello Arnold
I refined the procedure again and this time, everything OK
edson@edson-
[sudo] senha para edson:
root@edson-
malloc_
Abortado (imagem do núcleo gravada)
root@edson-
[ ok ] Reloading apparmor configuration (via systemctl): apparmor.service.
root@edson-
After restarting the messages continue to appear in AV ESET 4.0.90 log for Linux.
18/02/2019 12:03:21 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
18/02/2019 12:02:50 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
18/02/2019 12:02:13 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
18/02/2019 12:01:50 Media control access Cannot unblock removable media (org.freedeskto
18/02/2019 12:00:44 ESET Daemon Cannot read from socket: Connection reset by peer
18/02/2019 12:00:44 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
18/02/2019 12:00:44 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
I requested a new dmesg command | grep DENIED and see the result below:
edson@edson-
[ 72.513481] audit: type=1400 audit(155050213
[ 109.688649] audit: type=1400 audit(155050217
[ 140.753996] audit: type=1400 audit(155050220
edson@edson-
They decreased from 6 to 3 lines, where initially they were 11.
Awaiting further instructions.
Thank you
Seth Arnold (seth-arnold) wrote : | #32 |
On Mon, Feb 18, 2019 at 02:45:16PM -0000, Edson José dos Santos wrote:
> Line replaced successfully:
>
> From: unix (connect, send, receive)
> peer=(addr=
>
> To: unix (connect, send, receive) peer = (addr = "@
> 2F746D702F65736
Ah, sorry, I am sleep deprived. The new line is:
unix,
> At the moment of saving with: sudo /etc/init.
> procedure failed and I could not copy the error message.
Thanks
Christian Boltz (cboltz) wrote : | #33 |
> unix (connect, send, receive) peer = (addr = "@ 2F746D702F65736
Did you really use exactly this line (with "@_space_
Edson José dos Santos (serial.com) wrote : | #34 |
Yes and with the comma in the end, equal to the first request.
Look:
etc/opt/eset/ r,
/etc/opt/eset/** r,
/opt/
unix (connect, send, receive) peer=(addr=
The second request was as follows:
unix (connect, send, receive) peer = (addr = "@ 2F746D702F65736
This last request I will make and I will return:
unix (connect, send, receive) peer = (addr="
Do I add the comma in the end too or not? See if that's exactly what you want me to do.
Thank you
Edson José dos Santos (serial.com) wrote : | #35 |
Using this line ( unix (connect, send, receive) peer = (addr="
18/02/2019 14:36:12 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
18/02/2019 14:35:41 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
18/02/2019 14:34:23 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
18/02/2019 14:34:00 Media control access Cannot unblock removable media (org.freedeskto
18/02/2019 14:32:52 ESET Daemon Cannot read from socket: Connection reset by peer
18/02/2019 14:32:52 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
18/02/2019 14:32:52 ESET Daemon Cannot read from socket: Connection reset by peer
18/02/2019 14:32:52 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
He still keeps the three lines denied:
edson@edson-
[ 73.720352] audit: type=1400 audit(155051126
[ 151.889550] audit: type=1400 audit(155051134
[ 182.991029] audit: type=1400 audit(155051137
edson@edson-
Thank you
Edson José dos Santos (serial.com) wrote : | #36 |
Hi guys
Waiting for new instructions
Thank you
Seth Arnold (seth-arnold) wrote : | #37 |
Hi Edson.. so, the last idea I've got is:
unix,
in /etc/apparmor.
Do the usual reload, and reboot if it worked, dance.
Thanks
Edson José dos Santos (serial.com) wrote : | #38 |
Hi, Arnold
It includes the comma in the line after the unix as requested, but appeared error message at the time of applying sudo /etc/init.
unix, (connect, send, receive) peer = (addr="
edson@edson-
[sudo] senha para edson:
root@edson-
malloc_
Abortado (imagem do núcleo gravada)
root@edson-
[....] Reloading apparmor configuration (via systemctl): apparmor.serviceJob for apparmor.service failed because the control process exited with error code.
See "systemctl status apparmor.service" and "journalctl -xe" for details.
failed!
root@edson-
[....] Reloading apparmor configuration (via systemctl): apparmor.
failed!
root@edson-
I will restart and then I will return again
Thank you
Edson José dos Santos (serial.com) wrote : | #39 |
I restarted and rephased the procedure and says that the apparmor can not recharge.
Look:
edson@edson-
[sudo] senha para edson:
root@edson-
malloc_
Abortado (imagem do núcleo gravada)
root@edson-
[....] Reloading apparmor configuration (via systemctl): apparmor.
failed!
root@edson-
See too:
22/02/2019 07:31:50 Media control access Cannot unblock removable media (org.freedeskto
22/02/2019 07:30:33 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
22/02/2019 07:30:33 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied
See too:
root@edson-
[ 38.206971] audit: type=1400 audit(155083149
[ 38.206975] audit: type=1400 audit(155083149
[ 38.206978] audit: type=1400 audit(155083149
[ 46.486291] audit: type=1400 audit(155083150
[ 46.723239] audit: type=1400 audit(155083150
[ 46.723261] audit: type=1400 audit(155083150
[ 46.723289] audit: type=1400 audit(155083150
[ 46.746999] audit: type=1400 audit(155083150
[ 46.914262] audit: type=1400 audit(155083150
[ 46.914283] audit: type=140...
Seth Arnold (seth-arnold) wrote : | #40 |
Hello snapd friends, Edson has an antivirus tool that requires all processes have write access to a unix domain socket. Adding a rule to /etc/apparmor.
What's the mechanism for admins to add local rules to this file?
Thanks
Edson José dos Santos (serial.com) wrote : | #41 |
After some initialization, this message only appears below in the ESET event log.
Look:
22/02/2019 08:14:13 Media control access Can not unblock removable media (org.freedeskto
The rest are gone :)
Waiting for new instructions
Thank you
Edson José dos Santos (serial.com) wrote : | #42 |
Hi, Arnold
At startup the error message is appearing in apparmor and I would like to know how to generate a log to introduce them to you or just the boot log. In the absence of this I got this other log, where it points several flaws.
edson@edson-
Feb 27 09:24:51 edson-p6540br rsyslogd: [origin software="rsyslogd" swVersion="8.32.0" x-pid="975" x-info="http://
Feb 27 09:24:51 edson-p6540br thermald[987]: I/O warning : failed to load external entity "/etc/thermald/
Feb 27 09:24:51 edson-p6540br thermald[987]: error: could not parse file /etc/thermald/
Feb 27 09:24:51 edson-p6540br thermald[987]: Unsupported cpu model, use thermal-conf.xml file or run with --ignore-
Feb 27 09:24:51 edson-p6540br thermald[987]: THD engine start failed
Feb 27 09:24:51 edson-p6540br systemd[1]: thermald.service: Succeeded.
Feb 27 09:24:51 edson-p6540br canonical-
Feb 27 09:24:51 edson-p6540br kernel: [ 35.373576] kauditd_printk_skb: 10 callbacks suppressed
Feb 27 09:24:51 edson-p6540br kernel: [ 35.373578] audit: type=1400 audit(155127029
Feb 27 09:24:51 edson-p6540br kernel: [ 35.373601] audit: type=1400 audit(155127029
Feb 27 09:24:51 edson-p6540br kernel: [ 35.373632] audit: type=1400 audit(155127029
Feb 27 09:24:52 edson-p6540br polkitd[1205]: started daemon version 0.105 using authority implementation `local' version `0.105'
Feb 27 09:24:52 edson-p6540br dbus-daemon[993]: [system] Successfully activated service 'org.freedeskto
Feb 27 09:24:52 edson-p6540br systemd[1]: Started Authorization Manager.
Feb 27 09:24:52 edson-p6540br dbus-daemon[993]: [system] Successfully activated service 'org.freedeskto
Feb 27 09:24:52 edson-p6540br systemd[1]: Started Network Manager Script Dispatcher Service.
Feb 27 09:24:52 edson-p6540br avahi-daemon[1126]: Server startup complete. Host name is edson-p6540br.
Feb 27 09:24:52 edson-p6540br systemd[1]: tmp-snap.
Feb 27 09:24:52 edson-p6540br systemd[1]: logrotate.service: Succeeded.
Feb 27 09:24:52 edson-p6540br systemd[1]: Started Rotate log files.
Feb 27 09:24:52 edson-p6540br snapd[1087]: daemon.go:379: started snapd/2.
Feb 27 09:24:52 edson-p6540br Network...
Edson José dos Santos (serial.com) wrote : | #43 |
Hi Arnold
I got the apparmor log showing boot error.
------------ Wed Feb 27 09:24:41 -03 2019 ------------
[ OK ] Started Show Plymouth Boot Screen.
[ OK ] Started Forward Password R…s to Plymouth Directory Watch.
[ OK ] Reached target Local Encrypted Volumes.
[ OK ] Started Network Time Synchronization
[ OK ] Reached target System Time Synchronized.
[ OK ] Listening on Load/Save RF …itch Status /dev/rfkill Watch.
[ OK ] Started Network Name Resolution.
[ OK ] Reached target Host and Network Name Lookups.
Starting Tell Plymouth To Write Out Runtime Data...
Starting GRUB failed boot detection...
[ OK ] Started Tell Plymouth To Write Out Runtime Data.
[ OK ] Started GRUB failed boot detection.
[[0;1;
See 'systemctl status apparmor.service' for details.
[ OK ] Reached target System Initialization.
[ OK ] Started Trigger anacron every hour.
[ OK ] Listening on D-Bus System Message Bus Socket.
[ OK ] Started Daily Cleanup of Temporary Directories.
Starting Socket activation for snappy daemon.
[ OK ] Started Process error repo…rting is enabled (file watch).
[ OK ] Started Daily man-db regeneration.
[ OK ] Started Daily rotation of log files.
[ OK ] Started Message of the Day.
[ OK ] Listening on Activation so… for spice guest agent daemon.
[ OK ] Listening on Avahi mDNS/DNS-SD Stack Activation Socket.
[ OK ] Listening on CUPS Scheduler.
[ OK ] Started Discard unused blocks once a week.
[ OK ] Started Daily apt download activities.
[ OK ] Started Daily apt upgrade and clean activities.
[ OK ] Listening on UUID daemon activation socket.
[ OK ] Reached target Timers
[ OK ] Started CUPS Scheduler.
[ OK ] Reached target Paths.
Starting Raise network interfaces...
[ OK ] Listening on Socket activation for snappy daemon.
[ OK ] Reached target Socket
[ OK ] Reached target Basic System.
Starting Rotate log files...
Starting System Logging Service...
[ OK ] Started Set the CPU Frequency Scaling governor.
Starting Disk Manager...
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Sound Card.
Starting LSB: automatic crash report generation...
Seth Arnold (seth-arnold) wrote : | #44 |
On Wed, Feb 27, 2019 at 12:59:14PM -0000, Edson José dos Santos wrote:
> Hi, Arnold
>
> At startup the error message is appearing in apparmor and I would like
> to know how to generate a log to introduce them to you or just the boot
> boot log. In the absence of this I got this other log, where it points
> several flaws.
> Feb 27 09:37:29 edson-p6540br systemd-
> Feb 27 09:37:29 edson-p6540br apparmor[376]: Erro do analisador AppArmor para /etc/apparmor.
> Feb 27 09:37:29 edson-p6540br apparmor[376]: Erro do analisador AppArmor para /etc/apparmor.
Hello Edson, this means there's an error, probably in
/etc/apparmor.
Can you paste the last ten or twenty lines of that file?
Thanks
Edson José dos Santos (serial.com) wrote : | #45 |
Hello Arnold
As requested:
# Workaround https:/
# filesystems generally. This does not appreciably decrease security with
# Ubuntu profiles because the user is expected to have access to files owned
# by him/her. Exceptions to this are explicit in the profiles. While this rule
# grants access to those exceptions, the intended privacy is maintained due to
# the encrypted contents of the files in this directory. Files in this
# directory will also use filename encryption by default, so the files are
# further protected. Also, with the use of 'owner', this rule properly
# prevents access to the files from processes running under a different uid.
# encrypted ~/.Private and old-style encrypted $HOME
owner @{HOME}/.Private/** mrixwlk,
# new-style encrypted $HOME
owner @{HOMEDIRS}
/tmp/esets.sock rw,
/etc/opt/eset/ r,
/etc/opt/eset/** r,
/opt/
unix, (connect, send, receive) peer = (addr="
Thank You
Seth Arnold (seth-arnold) wrote : | #46 |
On Thu, Feb 28, 2019 at 03:04:00AM -0000, Edson José dos Santos wrote:
> Hello Arnold
> unix, (connect, send, receive) peer = (addr="
Excellent, here's the mistake. Remove everything after the comma:
unix,
Then try the reboot again.
Edson José dos Santos (serial.com) wrote : | #47 |
Hi Arnold
It looks like this:
/tmp/esets.sock rw,
/etc/opt/eset/ r,
/etc/opt/eset/** r,
/opt/eset/
unix,
When trying to save, the message below appeared:
dson@edson-
[sudo] senha para edson:
root@edson-
malloc_
Abortado (imagem do núcleo gravada)
root@edson-
[....] Reloading apparmor configuration (via systemctl): apparmor.
failed!
root@edson-
[....] Reloading apparmor configuration (via systemctl): apparmor.
failed!
root@edson-
I'll restart to see how it went.
Thanks
Edson José dos Santos (serial.com) wrote : | #48 |
Hi Arnold
The apparmor error message at startup of the ubuntu disk has disappeared.
The only messages that appear in Eset's event log are these lines below:
28/02/2019 00:57:54 Media control access Unable to unlock removable media (org.freedeskto
28/02/2019 00:56:39 ESET Daemon Unable to read from socket: Connection reestablished by the same protocol level
The permissions appear to be released, as can be seen in the Eset event log.
2/28/2019 00:52:13 Preload library access control Open directory not found at descriper 282
2/28/2019 00:52:13 Preload library access control Open directory not found at descriper 299
2/28/2019 00:52:13 Preload library access control Open directory not found at descriper 282
2/28/2019 00:52:13 Preload library access control Open directory not found at descriper 299
2/28/2019 00:52:13 Preload library access control Open directory not found at descriper 282
2/28/2019 00:52:13 Preload library access control Open directory not found at descriper 299
2/28/2019 00:52:13 Preload library access control Open directory not found at descriper 282
All of these messages already appeared before the last line changes, leaving only unix,
Here's the new dmesg log:
edson@edson-
[ 58.334359] audit: type=1400 audit(155132627
[ 58.334386] audit: type=1400 audit(155132627
[ 63.970789] audit: type=1400 audit(155132628
[ 63.971152] audit: type=1400 audit(155132628
[ 63.971156] audit: type=1400 audit(155132628
[ 64.218981] audit: type=1400 audit(155132628
[ 64.219001] audit: type=1400 audit(155132628
[ 64.219030] audit: type=1400 audit(155132628
Seth Arnold (seth-arnold) wrote : | #49 |
On Thu, Feb 28, 2019 at 04:08:09AM -0000, Edson José dos Santos wrote:
> edson@edson-
> [ 58.334359] audit: type=1400 audit(155132627
Excellent, much better!
Now we just need our snapd friends to tell us the proper way an admin
can add rules to the snap-confine profile.
Thanks
Ian Johnson (anonymouse67) wrote : | #50 |
I don't think we have such a capability right now in snapd. If you locally modify the snap-confine profile, it will be rewritten on at least core refreshes (and reboots as well if I'm not mistaken), so it sounds like we need some mechanism to specify additional rules to be included in the snap-confine profile.
Changed in snapd (Ubuntu): | |
status: | New → Triaged |
importance: | Undecided → Medium |
Launchpad Janitor (janitor) wrote : | #51 |
Status changed to 'Confirmed' because the bug affects multiple users.
Changed in apparmor (Ubuntu): | |
status: | New → Confirmed |
bzipitidoo (bzipitidoo) wrote : | #52 |
I'm seeing this problem in Lubuntu 20.04. The system discovered my network printer automatically. (It chose A4 paper size, but I am in the US and use letter size. Changing to letter didn't matter for this problem.) When I print an error message pops up: "cups-pki-expired." In the logs, I see this:
Apr 27 00:32:58 moo kernel: [148547.069532] audit: type=1400 audit(158796557
Apr 27 00:33:51 moo kernel: [148600.001307] kauditd_printk_skb: 5 callbacks suppressed
Apr 27 00:33:51 moo kernel: [148600.001309] audit: type=1400 audit(158796563
...
Apr 27 00:33:58 moo kernel: [148607.079070] audit: type=1400 audit(158796563
Apr 27 00:33:58 moo kernel: [148607.079096] audit: type=1400 audit(158796563
Apr 27 00:33:58 moo kernel: [148607.079226] audit: type=1400 audit(158796563
Apr 27 00:33:58 moo kernel: [148607.079261] audit: type=1400 audit(158796563
Apr 27 00:34:00 moo /hpfax: [16748]: error: Failed to create /var/spool/
Elias Tsolis (estatistics) wrote : | #53 |
800+ messages... in Bookworm sid upgrade... "[234924.337737] audit: type=1400 audit(167949316
Does this lead to any restriction or problem with printing? Or does printing work normally for you?