apparmor profile does not allow for rotating savefiles using the -C and -W options
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tcpdump (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned | ||
Jammy |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[ Impact ]
AppArmor was denying the creation of .pcap files ending in digits which is required by the -W parameter of tcpdump. This issue had already been fixed upstream https:/
I also added the permission for reading and writing of .cap and .pcapng files which were already allowed upstream as well.
The debdiffs for both focal and jammy are in the comments
[ Test Plan ]
mkdir /test
chmod 777 /test
tcpdump -Z root -ni any -s 0 -w /test/pcap.pcap -C 500 -W 500 host 1.1.1.1
Result:
tcpdump: /test/pcap.pcap000: Permission denied
Expected result:
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
The cause is the apparmor profile: /etc/apparmor.
# for -r, -F and -w
/**.[
[ Where problems could occur ]
The risk of allowing read and write to .pcap+digits is very minor considering that reading and writing to .pcap is already allowed by policy. Additionally, these rules are a requirement for the application to work properly.
[ Other Info ]
Upstream commits:
https:/
https:/
https:/
description: | updated |
description: | updated |
This is the patch that should fix this issue in Focal