network ACLs are not documented in manpages
Bug #172534 reported by Martin Pitt
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
AppArmor | Won't Fix | Medium | |
apparmor (Ubuntu) | Fix Released | Low | Unassigned |
Bug Description
Binary package hint: apparmor
See bug 147800 for details, cupsys' apparmor profile causes bluez-cups to break because AppArmor does not allow the creation of a bluetooth socket:
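Nov 28 11:19:18 donald kernel: [ 9030.516116] audit(1196245158.605:22): type=1503 operation="socket_create" family="bluetooth" sock_type="seqpacket" protocol=0 pid=16752 profile="/usr/sbin/cupsd"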
However, there is no way to configure a profile to create it. There are no particular socket ACLs (at least not documented ones), and it still happens if I allow access to all files and all capabilities. Thus the only working fallback is to allow unconfined execution.
Changed in apparmor:
status: New → Confirmed
Changed in apparmor:
status: Unknown → In Progress
Changed in apparmor:
status: In Progress → Won't Fix
Changed in apparmor:
importance: Unknown → Medium
On Wed, Nov 28, 2007 at 10:24:52AM -0000, Martin Pitt wrote:
> Public bug reported:
>
> Binary package hint: apparmor
>
> See bug 147800 for details, cupsys' apparmor profile causes bluez-cups
> to break because AppArmor does not allow the creation of a bluetooth
> socket:
>
> Nov 28 11:19:18 donald kernel: [ 9030.516116]
> audit(1196245158.605:22): type=1503 operation="socket_create"
> family="bluetooth" sock_type="seqpacket" protocol=0 pid=16752
> profile="/usr/sbin/cupsd"
>
> However, there is no way to configure a profile to create it. There are
> no particular socket ACLs (at least not documented ones), and it still
> happens if I allow access to all files and all capabilities. Thus the
> only working fallback is to allow unconfined execution.
I believe this is a documentation bug (and perhaps a logprof bug), but
adding the statement
network bluetooth,
should stop this action from being rejected.
--
Steve Beattie
<email address hidden>
http://NxNW.org/~steve/
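
The denial-to-rule mapping discussed above, as an added example that is not part of the original thread and is not AppArmor's or logprof's code: it parses a `type=1503` `socket_create` record and derives the `network` rule that permits it. The function names are hypothetical, the sample record is assembled from the fields quoted in the report, and the narrower `network bluetooth seqpacket,` form assumes the domain-then-type syntax of apparmor.d network rules.

```python
import re

# Sample record assembled from the denial fields quoted in this report.
SAMPLE = (
    'Nov 28 11:19:18 donald kernel: [ 9030.516116] audit(1196245158.605:22): '
    'type=1503 operation="socket_create" family="bluetooth" '
    'sock_type="seqpacket" protocol=0 pid=16752 profile="/usr/sbin/cupsd"'
)

FIELD = re.compile(r'(\w+)=("([^"]*)"|\S+)')
TOKEN = re.compile(r'[a-z0-9_]+')  # only bare keywords may reach a profile


def parse_record(line):
    """Split an audit record into key/value fields, dropping the quotes."""
    return {key: (quoted if raw.startswith('"') else raw)
            for key, raw, quoted in FIELD.findall(line)}


def suggest_network_rule(line, with_type=True):
    """Return (profile, rule) for a socket_create denial, or None."""
    rec = parse_record(line)
    if rec.get("operation") != "socket_create":
        return None
    family, sock_type = rec.get("family", ""), rec.get("sock_type", "")
    # Log fields are untrusted input: refuse anything that is not a bare
    # keyword so a crafted record cannot smuggle extra rules into a profile.
    if not TOKEN.fullmatch(family):
        return None
    parts = ["network", family]
    if with_type and TOKEN.fullmatch(sock_type):
        parts.append(sock_type)  # narrower than allowing the whole family
    return rec.get("profile"), " ".join(parts) + ","


if __name__ == "__main__":
    profile, rule = suggest_network_rule(SAMPLE)
    print(f"{profile}: add '{rule}'")
```

Calling it with `with_type=False` yields the broader `network bluetooth,` statement suggested in the reply above.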