This change regressed my apparmor profile for a script I'm working on, which walks over processes using python3-psutil, in bionic.
I have this config in the apparmor profile:
capability sys_ptrace,
ptrace trace,
With kernel 4.15.0-154-generic #161 it works.
With kernel 4.15.0-158-generic #166 I get a DENIED error and the script backtraces when reading, for example, /proc/<pid>/fd/0 of some process, with os.readlink():
[ 19.223703] audit: type=1400 audit(1632507704.072:30): apparmor="DENIED" operation="ptrace" profile="/etc/hostos-monitoring/plugins.d/process-monitoring" pid=1098 comm="process-monitor" requested_mask="read" denied_mask="read" peer="unconfined"