Apparmor config does not allow pcap cyclic buffer
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tcpdump (Debian) |
Fix Released
|
Unknown
|
|||
tcpdump (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Jammy |
Fix Released
|
Undecided
|
Unassigned | ||
Kinetic |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
tcp dump comes with a apparmor file
/etc/apparmor.
that tells to can write .pcap files:
# for -r, -F and -w
/**.[pP]
but using the -W and -C modes it will also write pcap0 etc. files
we've put apparmor in complain mode as a workaround
------
lsb_release -rd
version: 4.9.0-1ubuntu1~
Description: Ubuntu 12.04.4 LTS
Release: 12.04
------
apt-cache policy tcpdump
tcpdump:
Installed: 4.9.0-1ubuntu1~
Candidate: 4.9.0-1ubuntu1~
Version table:
*** 4.9.0-1ubuntu1~
500 http://
500 http://
100 /var/lib/
4.
100 http://
4.2.1-1ubuntu2 0
500 http://
Changed in tcpdump (Debian): | |
status: | Unknown → Fix Released |
I added /**.[pP] [cC][aA] [pP]* rw, to /etc/apparmor. d/local/ usr.sbin. tcpdump to allow for rotated pcap files.