sshd profile does not work out-of-the-box
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
AppArmor | Fix Released | Medium | Unassigned | |
apparmor (Ubuntu) | Fix Released | Low | Unassigned | |
Bug Description
Binary package hint: apparmor-profiles
The apparmor profile for sshd provided by the apparmor-profiles package does not work out-of-the-box. Looking over syslog, it appears there are seven types of audit entries (one of each follows). Until this is fixed, the usr.sbin.sshd file in apparmor-profiles should have "flags=(complain)" added to it.
May 8 08:23:26 darwin kernel: [136857.839011] audit(121024940
May 8 08:23:29 darwin kernel: [136860.663589] audit(121024940
May 8 08:23:26 darwin kernel: [136857.842204] audit(121024940
May 8 08:23:26 darwin kernel: [136857.839817] audit(121024940
May 8 09:33:21 darwin kernel: [141051.379421] audit(121025360
May 8 08:23:26 darwin kernel: [136857.837856] audit(121024940
May 8 09:59:43 darwin kernel: [142632.555690] audit(121025518
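The workaround the report asks for, shown as an added example that is not part of the original report or of the apparmor-profiles package: a shell filter that adds `complain` to every profile and hat header in a profile file. The sample profile is constructed, and `set_complain` and `sample_profile` are hypothetical names; on an installed system the `aa-complain` utility from apparmor-utils performs this switch.

```shell
#!/bin/sh
# Added example: switch AppArmor profile headers to complain mode by editing
# the profile text. Reads a profile on stdin, writes the result on stdout.
# Headers handled: "/path {", "profile name {" and hat headers "^HAT {".
set_complain() {
    sed -E '
/^[[:space:]]*(\/|profile[[:space:]]|\^).*\{[[:space:]]*$/ {
    # Already in complain mode: leave the header alone.
    /flags=\([^)]*complain[^)]*\)/ b
    # Existing flags list: append complain to it.
    s/flags=\(([^)]+)\)/flags=(\1,complain)/
    t
    # No flags yet: insert them before the opening brace.
    s/[[:space:]]*\{[[:space:]]*$/ flags=(complain) {/
}'
}

# Constructed sample input (not the packaged usr.sbin.sshd profile).
sample_profile() {
cat <<'EOF'
#include <tunables/global>
/usr/sbin/sshd {
  #include <abstractions/base>
  /etc/ssh/* r,
  /{,var/}run/sshd.pid w,
  ^EXAMPLE_HAT {
    capability sys_chroot,
  }
}
profile other flags=(attach_disconnected) {
}
EOF
}

# Stand-alone run: print the sample with complain mode applied.
sample_profile | set_complain
```

Rule lines such as `/{,var/}run/sshd.pid w,` are left alone because only lines ending in `{` are treated as headers, and running the filter a second time changes nothing.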
Changed in apparmor:
milestone: none → 2.9.0
AFAIK Ubuntu's sshd doesn't have the change_hat patch. That makes confining somewhat useless.