On Tue, Dec 06, 2016 at 12:16:43PM -0800, John Johansen wrote:
> On 12/06/2016 07:14 AM, daniel curtis wrote:
> > Please forgive me, writing message one by one, but I think, that maybe
> > 'deny capability sys_ptrace,' is responsible for such entries? I'm asking,
> > because of operation="ptrace", which can be found in a log files etc.
> >
> > What do you think? Once again - I'm sorry.
>
> no, capability sys_ptrace, isn't responsible for this entry, it is
> squarely on ptrace rules, more specifically no one rule is causing this
> it looks like a kernel bug in the enforcement or logging of ptrace rules

While that may be the intent, and the Ubuntu 12.04 LTS kernel might be
buggy about this, I reproduced what daniel is seeing, and converting
the 'deny capability sys_ptrace,' to allowing the sys_ptrace capability
made the rejections go away, as well as allowed netstat's -p argument
to work. Attempts to add a ptrace rule instead did not succeed.

--
Steve Beattie
<sbeat...@ubuntu.com>
http://NxNW.org/~steve/

--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor