Ubuntu
apparmor package

apparmor denial to /sys/devices/system/cpu/online

Bug #929531 reported by Jamie Strandboge
16
This bug affects 2 people
Affects Status Importance Assigned to Milestone
AppArmor
Fix Released
High
Jamie Strandboge
AppArmor 2.8.0
apparmor (Ubuntu)
Fix Released
High
Jamie Strandboge

Bug Description

After upgrading to the latest eglibc today, applications are having the following apparmor denial:

type=AVC msg=audit(1328794019.772:83): apparmor="DENIED" operation="open" parent=3049 profile="/usr/lib/telepathy/mission-control-5" name="/sys/devices/system/cpu/online" pid=3053 comm="mission-control" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
type=AVC msg=audit(1328794257.880:94): apparmor="DENIED" operation="open" parent=3886 profile="/usr/lib/telepathy/telepathy-*" name="/sys/devices/system/cpu/online" pid=3894 comm=64636F6E6620776F726B6572 requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

The following should go into the base abstraction:
/sys/devices/system/cpu/online r,

This seems to have been introduced in the following commit:
http://repo.or.cz/w/glibc.git/commitdiff/84e2a551a72c79b020694bb327e33b6d71b09b63

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in apparmor (Ubuntu):
status: New → Confirmed
Jamie Strandboge (jdstrand)
Changed in apparmor (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
importance: Undecided → High
status: Confirmed → Triaged
Changed in apparmor:
assignee: nobody → Jamie Strandboge (jdstrand)
importance: Undecided → High
status: New → Triaged
Jamie Strandboge (jdstrand)
Changed in apparmor:
status: Triaged → In Progress
Changed in apparmor (Ubuntu):
status: Triaged → In Progress
Jamie Strandboge (jdstrand)
Changed in apparmor (Ubuntu):
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.7.0-0ubuntu5

---------------
apparmor (2.7.0-0ubuntu5) precise; urgency=low

  * debian/patches/0036-lp929531.patch: adjust base abstraction to allow read
    access to /sys/devices/system/cpu/online (LP: #929531)
 -- Jamie Strandboge <email address hidden> Thu, 09 Feb 2012 08:04:13 -0600

Changed in apparmor (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Steve Beattie (sbeattie) wrote :

Committed in upstream lp:apprmor revno 1935

Changed in apparmor:
status: In Progress → Fix Committed
milestone: none → 2.8.0
Revision history for this message
CuteChaps (sh-senthilkumar) wrote :

I am running on Ubuntu 12.04 final release and I can see the same error repeating.

[ 133.129232] type=1400 audit(1335636601.398:27): apparmor="DENIED" operation="open" parent=1 profile="/usr/lib/telepathy/mission-control-5" name="/usr/share/gvfs/remote-volume-monitors/" pid=3171 comm="mission-control" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

root@Senthil-IN:~# dpkg -l |grep apparmor
ii apparmor 2.7.102-0ubuntu3 User-space parser utility for AppArmor
ii dh-apparmor 2.7.102-0ubuntu3 AppArmor debhelper routines
root@Senthil-IN:~#

Revision history for this message
Steve Beattie (sbeattie) wrote :

@CuteChaps: your rejection is a different thing (note the 'name="/usr/share/gvfs/remote-volume-monitors/"'); please file a separate bug report if its still an issue for you.

Revision history for this message
Steve Beattie (sbeattie) wrote :

This was fixed in the apparmor 2.8.0 release, closing the apparmor task.

Changed in apparmor:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.