apparmor spams log with warning message
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
Low
|
John Johansen | ||
Trusty |
Fix Released
|
Low
|
John Johansen | ||
Utopic |
Fix Released
|
Low
|
John Johansen |
Bug Description
The apparmor kernel module will spam the dmesg log with a stack trace and warning when the label on a unix socket does not match the label on the task sending the message.
This happens when a socket is delegated to another task
Example Message in the log
Apr 5 05:16:45 cormac kernel: [66784.479777] ------------[ cut here ]------------
Apr 5 05:16:45 cormac kernel: [66784.479791] WARNING: CPU: 0 PID: 21866 at /build/
Apr 5 05:16:45 cormac kernel: [66784.479793] AppArmor WARN apparmor_
Apr 5 05:16:45 cormac kernel: [66784.479794] Modules linked in: xt_hl ipt_REJECT xt_comment xt_limit xt_tcpudp xt_addrtype ppdev nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack_
Apr 5 05:16:45 cormac kernel: [66784.479828] CPU: 0 PID: 21866 Comm: sshd Tainted: G W 3.13.0-22-generic #44-Ubuntu
Apr 5 05:16:45 cormac kernel: [66784.479829] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
Apr 5 05:16:45 cormac kernel: [66784.479832] 0000000000000009 ffff8800d5d25bd0 ffffffff81714914 ffff8800d5d25c18
Apr 5 05:16:45 cormac kernel: [66784.479834] ffff8800d5d25c08 ffffffff810676bd ffff8800d67a3c30 ffff880138147b80
Apr 5 05:16:45 cormac kernel: [66784.479836] ffff88003681cb40 ffff880138147680 ffff8801384217f0 ffff8800d5d25c68
Apr 5 05:16:45 cormac kernel: [66784.479839] Call Trace:
Apr 5 05:16:45 cormac kernel: [66784.479846] [<ffffffff81714
Apr 5 05:16:45 cormac kernel: [66784.479851] [<ffffffff81067
Apr 5 05:16:45 cormac kernel: [66784.479853] [<ffffffff81067
Apr 5 05:16:45 cormac kernel: [66784.479855] [<ffffffff8130e
Apr 5 05:16:45 cormac kernel: [66784.479859] [<ffffffff812cf
Apr 5 05:16:45 cormac kernel: [66784.479863] [<ffffffff816b1
Apr 5 05:16:45 cormac kernel: [66784.479868] [<ffffffff81601
Apr 5 05:16:45 cormac kernel: [66784.479872] [<ffffffff8104f
Apr 5 05:16:45 cormac kernel: [66784.479875] [<ffffffff81602
Apr 5 05:16:45 cormac kernel: [66784.479901] [<ffffffff8109d
Apr 5 05:16:45 cormac kernel: [66784.479907] [<ffffffff81020
Apr 5 05:16:45 cormac kernel: [66784.479909] [<ffffffff81602
Apr 5 05:16:45 cormac kernel: [66784.479913] [<ffffffff81725
Apr 5 05:16:45 cormac kernel: [66784.479915] ---[ end trace c4dfb167bafcc341 ]---
Changed in linux (Ubuntu): | |
status: | New → Confirmed |
assignee: | nobody → John Johansen (jjohansen) |
Changed in linux (Ubuntu Trusty): | |
status: | Confirmed → Fix Committed |
Changed in linux (Ubuntu): | |
importance: | Undecided → Low |
Changed in linux (Ubuntu Trusty): | |
importance: | Undecided → Low |
Changed in linux (Ubuntu Utopic): | |
importance: | Undecided → Low |
For me I have a similar issues...
the log says:
Apr 17 02:29:36 trusty-01 kernel: [70827.909934] ------------[ cut here ]------------ buildd/ linux-3. 13.0/security/ apparmor/ lsm.c:839 apparmor_ unix_may_ send+0x16c/ 0x180() unix_may_ send: ((!aa_label_ is_subset( cxt->label, label))): a64>] dump_stack+ 0x45/0x56 6bd>] warn_slowpath_ common+ 0x7d/0xa0 72c>] warn_slowpath_ fmt+0x4c/ 0x50 d5c>] apparmor_ unix_may_ send+0x16c/ 0x180 876>] security_ unix_may_ send+0x16/ 0x20 575>] unix_dgram_ sendmsg+ 0x2a5/0x620 4eb>] sock_sendmsg+ 0x8b/0xc0 691>] SYSC_sendto+ 0x121/0x1c0 d84>] ? vtime_account_ user+0x54/ 0x60 d35>] ? syscall_ trace_enter+ 0x145/0x250 19e>] SyS_sendto+0xe/0x10 63f>] tracesys+0xe1/0xe6 buildd/ linux-3. 13.0/security/ apparmor/ lsm.c:839 apparmor_ unix_may_ send+0x16c/ 0x180() unix_may_ send: ((!aa_label_ is_subset( cxt->label, label))):
Apr 17 02:29:36 trusty-01 kernel: [70827.909960] WARNING: CPU: 0 PID: 2985 at /build/
Apr 17 02:29:36 trusty-01 kernel: [70827.909964] AppArmor WARN apparmor_
Apr 17 02:29:36 trusty-01 kernel: [70827.909968] Modules linked in: kvm_intel kvm cirrus snd_hda_intel ttm snd_hda_codec drm_kms_helper snd_hwdep psmouse serio_raw snd_pcm drm snd_page_alloc snd_timer syscopyarea snd soundcore sysfillrect sysimgblt i2c_piix4 lp parport mac_hid 8139too 8139cp mii floppy
Apr 17 02:29:36 trusty-01 kernel: [70827.910014] CPU: 0 PID: 2985 Comm: dhcpd Tainted: G W 3.13.0-24-generic #46-Ubuntu
Apr 17 02:29:36 trusty-01 kernel: [70827.910018] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Apr 17 02:29:36 trusty-01 kernel: [70827.910022] 0000000000000009 ffff880000063bd0 ffffffff81715a64 ffff880000063c18
Apr 17 02:29:36 trusty-01 kernel: [70827.910030] ffff880000063c08 ffffffff810676bd ffff88003e00a430 ffff88003d618000
Apr 17 02:29:36 trusty-01 kernel: [70827.910036] ffff88003b33f010 ffff88003d70f400 ffff88003c1a8000 ffff880000063c68
Apr 17 02:29:36 trusty-01 kernel: [70827.910043] Call Trace:
Apr 17 02:29:36 trusty-01 kernel: [70827.910056] [<ffffffff81715
Apr 17 02:29:36 trusty-01 kernel: [70827.910066] [<ffffffff81067
Apr 17 02:29:36 trusty-01 kernel: [70827.910072] [<ffffffff81067
Apr 17 02:29:36 trusty-01 kernel: [70827.910080] [<ffffffff8130e
Apr 17 02:29:36 trusty-01 kernel: [70827.910089] [<ffffffff812cf
Apr 17 02:29:36 trusty-01 kernel: [70827.910097] [<ffffffff816b2
Apr 17 02:29:36 trusty-01 kernel: [70827.910108] [<ffffffff81602
Apr 17 02:29:36 trusty-01 kernel: [70827.910116] [<ffffffff81602
Apr 17 02:29:36 trusty-01 kernel: [70827.910125] [<ffffffff8109d
Apr 17 02:29:36 trusty-01 kernel: [70827.910137] [<ffffffff81020
Apr 17 02:29:36 trusty-01 kernel: [70827.910145] [<ffffffff81603
Apr 17 02:29:36 trusty-01 kernel: [70827.910154] [<ffffffff81726
Apr 17 02:29:36 trusty-01 kernel: [70827.910158] ---[ end trace 0b1a05a3a90a9dc7 ]---
Apr 17 02:29:46 trusty-01 kernel: [70838.210778] ------------[ cut here ]------------
Apr 17 02:29:46 trusty-01 kernel: [70838.210791] WARNING: CPU: 0 PID: 2985 at /build/
Apr 17 02:29:46 trusty-01 kernel: [70838.210793] AppArmor WARN apparmor_
Apr 17 02:29:46 trusty-01 kernel: [70838.210794] Modules linked in: kvm_intel kvm cirrus snd_hda_intel ttm snd_hda_codec drm_kms_he...