Denials due to "deleted" are not being logged
Bug #970647 reported by John Johansen
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| AppArmor | Confirmed | Low | Unassigned | |
| Linux | Confirmed | Undecided | | |
| apparmor (Ubuntu) | Confirmed | Low | Unassigned | |
| linux (Ubuntu) | Confirmed | Low | Unassigned | |
Bug Description
When apparmor is enforcing a profile the default mode is to handle deleted files through file labeling and delegation. However, there are currently cases when this is not sufficient and will result in an access denial that should have an info field of
info="Failed name lookup - deleted entry"
However these log messages are not being generated, and apparmor is rejecting accesses based on deleted entries being mediated. See Bug #969299 as one case where this is happening.
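As an added example (not part of the bug report or of AppArmor's own code), the following Python code scans kernel log lines for denials carrying the info string quoted above, so that after reproducing a failure you can check whether the expected records are present. It assumes the usual key=value AppArmor audit record layout; the sample lines, profile path and file names are constructed.

```python
import re
from collections import Counter

# Info string quoted in the bug description.
DELETED_INFO = "Failed name lookup - deleted entry"
# key="quoted" or key=bare pairs (usual AppArmor audit record layout).
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# The audit layer hex-encodes string values that are unsafe to quote.
HEX_RE = re.compile(r'(?:[0-9A-Fa-f]{2})+')
STRING_FIELDS = {"name", "profile", "comm"}

def parse_record(line):
    """Return the fields of one AppArmor audit record, or None."""
    if "apparmor=" not in line:
        return None
    fields = {}
    for key, quoted, bare in FIELD_RE.findall(line):
        if bare and key in STRING_FIELDS and HEX_RE.fullmatch(bare):
            bare = bytes.fromhex(bare).decode("utf-8", "replace")
        fields[key] = quoted or bare
    return fields

def deleted_entry_denials(lines):
    """Count DENIED records with the deleted-entry info, per (profile, name)."""
    hits = Counter()
    for line in lines:
        rec = parse_record(line)
        if rec and rec.get("apparmor") == "DENIED" and rec.get("info") == DELETED_INFO:
            hits[(rec.get("profile"), rec.get("name"))] += 1
    return hits

# Constructed sample lines (not taken from the bug report).
SAMPLE = [
    'audit: type=1400 audit(1333283256.100:10): apparmor="DENIED" operation="open" '
    'info="Failed name lookup - deleted entry" error=-2 profile="/usr/bin/example" '
    'name="/tmp/scratch" pid=4242 comm="example" requested_mask="r" denied_mask="r"',
    'audit: type=1400 audit(1333283257.200:11): apparmor="DENIED" operation="open" '
    'info="Failed name lookup - deleted entry" error=-2 profile="/usr/bin/example" '
    'name=2F746D702F6D792066696C65 pid=4242 comm="example" denied_mask="r"',
    'audit: type=1400 audit(1333283258.300:12): apparmor="DENIED" operation="open" '
    'profile="/usr/bin/example" name="/etc/example.conf" pid=4242 comm="example" '
    'requested_mask="r" denied_mask="r"',
    'audit: type=1400 audit(1333283259.400:13): apparmor="ALLOWED" operation="open" '
    'profile="/usr/bin/example" name="/tmp/ok" pid=4242 comm="example"',
]

if __name__ == "__main__":
    for (profile, name), n in deleted_entry_denials(SAMPLE).items():
        print(f"{n} {profile} {name}")
```

An empty result while the confined program still sees access failures on deleted files is consistent with the behaviour this bug describes.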
Changed in apparmor (Ubuntu):
assignee: nobody → John Johansen (jjohansen)
Changed in apparmor:
assignee: nobody → John Johansen (jjohansen)
tags: added: aa-feature
Changed in apparmor (Ubuntu):
status: New → Confirmed
Changed in linux:
status: New → Confirmed
Changed in apparmor:
status: New → Confirmed
importance: Undecided → Low
Changed in apparmor (Ubuntu):
importance: Undecided → Low
Changed in linux (Ubuntu):
status: New → Confirmed
importance: Undecided → Low
Changed in apparmor (Ubuntu):
assignee: John Johansen (jjohansen) → nobody
Changed in apparmor:
assignee: John Johansen (jjohansen) → nobody
tags: added: aa-kernel
So an update of the slow progress on this bug,
I have found two cases where apparmor was incorrectly dropping messages, though neither of them is due to "deleted". They were
- improper quieting of some network denials
- failure to log domain transitions when mandatory profile not present
The larger problem of the audit subsystem just dropping audit messages without even logging that the message was lost has also not been fixed. There is currently a new patchset from kees to fix some of the problems, and I will rebase/rework my original patchset and try again.