aa-logprof not useful in an lxd instance

Bug #1788973 reported by Seth Arnold on 2018-08-25
Affects            Status  Importance  Assigned to  Milestone
AppArmor                   Undecided   Unassigned
apparmor (Ubuntu)          Undecided   Unassigned

Bug Description

Hello, aa-logprof doesn't do anything useful in an lxd instance:

First, I remove the /** mrixwlk, rule from the man profile, so I'll be sure to have an easy way to create a denial. Then I generate a denial, install aa-logprof, and run aa-logprof.

The aa-logprof output looks identical to a run with no denials at all.

I do not know what to suggest -- discovering we're in a container of some sort and reporting that the tools might not work seems like the best we can do, but that might be wrong in the future, and might not be easy to get right today.

Thanks

root@u18:/etc/apparmor.d# vim usr.bin.man
root@u18:/etc/apparmor.d# sudo apparmor_parser --replace usr.bin.man
root@u18:/etc/apparmor.d# man man
Segmentation fault
root@u18:/etc/apparmor.d# aa-logprof

Command 'aa-logprof' not found, but can be installed with:

apt install apparmor-utils

root@u18:/etc/apparmor.d# sudo apt-get install apparmor-utils
[...]
Setting up python3-libapparmor (2.12-4ubuntu5) ...
Setting up python3-apparmor (2.12-4ubuntu5) ...
Processing triggers for man-db (2.8.3-2) ...
Setting up apparmor-utils (2.12-4ubuntu5) ...
root@u18:/etc/apparmor.d# aa-logprof
Reading log entries from /var/log/syslog.
Updating AppArmor profiles in /etc/apparmor.d.
root@u18:/etc/apparmor.d# tail -30 /var/log/syslog
Aug 24 12:17:01 u18 CRON[14753]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Aug 24 13:17:01 u18 CRON[14760]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Aug 24 14:04:26 u18 systemd[1]: apt-daily.service: Failed to reset devices.list: Operation not permitted
Aug 24 14:04:26 u18 systemd[1]: Starting Daily apt download activities...
Aug 24 14:04:27 u18 systemd[1]: Started Daily apt download activities.
Aug 24 14:17:01 u18 CRON[14816]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Aug 24 15:17:01 u18 CRON[14822]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Aug 24 16:17:01 u18 CRON[14828]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Aug 24 17:17:01 u18 CRON[14834]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Aug 24 18:17:01 u18 CRON[14841]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Aug 24 19:17:01 u18 CRON[14847]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Aug 24 19:49:26 u18 systemd[1]: motd-news.service: Failed to reset devices.list: Operation not permitted
Aug 24 19:49:26 u18 systemd[1]: Starting Message of the Day...
Aug 24 19:49:27 u18 50-motd-news[14851]: * Read about Ubuntu updates for L1 Terminal Fault Vulnerabilities
Aug 24 19:49:27 u18 50-motd-news[14851]: (L1TF).
Aug 24 19:49:27 u18 50-motd-news[14851]: - https://ubu.one/L1TF
Aug 24 19:49:27 u18 50-motd-news[14851]: * Check out 6 great IDEs now available on Ubuntu. There may even be
Aug 24 19:49:27 u18 50-motd-news[14851]: something worthwhile there for those crazy EMACS fans ;)
Aug 24 19:49:27 u18 50-motd-news[14851]: - https://bit.ly/6-cool-IDEs
Aug 24 19:49:27 u18 systemd[1]: Started Message of the Day.
Aug 24 20:17:01 u18 CRON[14881]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Aug 24 21:17:01 u18 CRON[14887]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Aug 24 22:17:01 u18 CRON[14893]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Aug 24 23:17:01 u18 CRON[14900]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Aug 25 00:17:01 u18 CRON[14906]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Aug 25 00:24:01 u18 CRON[14910]: (root) CMD ( test -x /etc/cron.daily/popularity-contest && /etc/cron.daily/popularity-contest --crond)
Aug 25 00:59:26 u18 systemd[1]: systemd-tmpfiles-clean.service: Failed to reset devices.list: Operation not permitted
Aug 25 00:59:26 u18 systemd[1]: Starting Cleanup of Temporary Directories...
Aug 25 00:59:26 u18 systemd[1]: Started Cleanup of Temporary Directories.
Aug 25 01:17:01 u18 CRON[14918]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
root@u18:/etc/apparmor.d#
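
The check suggested in the description, as an added example (not part of the original report and not code from apparmor-utils): it looks for AppArmor audit records in a log and for signs of a container, and warns when the log is empty inside one. The function names, the /run/systemd/container and /proc/1/environ probes, and the sample denial line are assumptions made for this example.

```python
import re

# Audit records that aa-logprof can act on carry apparmor="DENIED" (enforce
# mode) or apparmor="ALLOWED" (complain mode).
AA_EVENT = re.compile(r'apparmor="(?:DENIED|ALLOWED)"')

def count_apparmor_events(lines):
    """Number of log lines that contain an AppArmor audit record."""
    return sum(1 for line in lines if AA_EVENT.search(line))

def container_type(run_file="/run/systemd/container",
                   environ_file="/proc/1/environ"):
    """Best-effort container detection (assumed probes, not aa-logprof's):
    systemd's marker file first, then PID 1's container= variable."""
    try:
        with open(run_file) as f:
            kind = f.read().strip()
        if kind:
            return kind
    except OSError:
        pass
    try:
        with open(environ_file, "rb") as f:
            for var in f.read().split(b"\0"):
                if var.startswith(b"container=") and len(var) > 10:
                    return var[10:].decode(errors="replace")
    except OSError:
        pass
    return None

def preflight(lines, container):
    """Message to show before profiling, given log lines and container type."""
    events = count_apparmor_events(lines)
    if events:
        return f"{events} AppArmor event(s) found"
    if container:
        return (f"warning: no AppArmor events in the log and this is a "
                f"'{container}' container; denials may not be logged here")
    return "no AppArmor events found"

# Constructed sample input: one syslog line of the kind shown in the report,
# and one denial record written for this example.
QUIET = ["Aug 25 01:17:01 u18 CRON[14918]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)"]
DENIAL = ('Aug 25 01:20:00 host kernel: audit: type=1400 audit(0.0:1): '
          'apparmor="DENIED" operation="open" profile="/usr/bin/man" '
          'name="/etc/manpath.config" comm="man" requested_mask="r" denied_mask="r"')

if __name__ == "__main__":
    print(preflight(QUIET, container_type()))
```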
