Package: ejabberd Version: 18.01-1 Severity: normal User: pkg-apparmor-t...@lists.alioth.debian.org Usertags: buggy-profile
Dear Maintainer, After some update a flow of DENIED messages appears when ejabberd is starting, with AppArmor profile enforced: ``` type=AVC msg=audit(1517057211.177:163): apparmor="DENIED" operation="exec" profile="/usr/sbin/ejabberdctl" name="/usr/lib/erlang/lib/p1_eimp-1.0.2/priv/bin/eimp" pid=2345 comm="sh" requested_mask="x" denied_mask="x" fsuid=123 ouid=0 type=AVC msg=audit(1517057211.177:164): apparmor="DENIED" operation="exec" profile="/usr/sbin/ejabberdctl" name="/usr/lib/erlang/lib/p1_eimp-1.0.2/priv/bin/eimp" pid=2344 comm="sh" requested_mask="x" denied_mask="x" fsuid=123 ouid=0 type=AVC msg=audit(1517057211.189:165): apparmor="DENIED" operation="exec" profile="/usr/sbin/ejabberdctl" name="/usr/lib/erlang/lib/p1_eimp-1.0.2/priv/bin/eimp" pid=2373 comm="sh" requested_mask="x" denied_mask="x" fsuid=123 ouid=0 ... type=AVC msg=audit(1517057212.169:173): apparmor="DENIED" operation="exec" profile="/usr/sbin/ejabberdctl" name="/usr/bin/df" pid=2391 comm="sh" requested_mask="x" denied_mask="x" fsuid=123 ouid=0 type=AVC msg=audit(1517057212.173:174): apparmor="DENIED" operation="exec" profile="/usr/sbin/ejabberdctl" name="/usr/lib/erlang/lib/os_mon-2.4.4/priv/bin/memsup" pid=2392 comm="sh" requested_mask="x" denied_mask="x" fsuid=123 ouid=0 type=AVC msg=audit(1517057212.181:175): apparmor="DENIED" operation="exec" profile="/usr/sbin/ejabberdctl" name="/usr/lib/erlang/lib/os_mon-2.4.4/priv/bin/memsup" pid=2393 comm="sh" requested_mask="x" denied_mask="x" fsuid=123 ouid=0 ... type=AVC msg=audit(1517057212.353:183): apparmor="DENIED" operation="exec" profile="/usr/sbin/ejabberdctl" name="/usr/bin/inotifywait" pid=2402 comm="sh" requested_mask="x" denied_mask="x" fsuid=123 ouid=0 type=AVC msg=audit(1517057212.353:184): apparmor="DENIED" operation="exec" profile="/usr/sbin/ejabberdctl" name="/usr/bin/inotifywait" pid=2402 comm="sh" ``` I'll start working for the patch. -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.14.0-3-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages ejabberd depends on: ii adduser 3.116 ii debconf [debconf-2.0] 1.5.65 ii erlang-asn1 1:20.2.2+dfsg-1 ii erlang-base [erlang-abi-17.0] 1:20.2.2+dfsg-1 ii erlang-crypto 1:20.2.2+dfsg-1 ii erlang-fs-listener 2.12.0-4 ii erlang-inets 1:20.2.2+dfsg-1 ii erlang-jiffy 0.14.11+dfsg-2 ii erlang-jose 1.8.4-2 ii erlang-lager 3.5.2-2 ii erlang-mnesia 1:20.2.2+dfsg-1 ii erlang-odbc 1:20.2.2+dfsg-1 ii erlang-os-mon 1:20.2.2+dfsg-1 ii erlang-p1-cache-tab 1.0.12-2 ii erlang-p1-eimp 1.0.2-2 ii erlang-p1-iconv 1.0.6-2 ii erlang-p1-stringprep 1.0.10-2 ii erlang-p1-tls 1.0.20-1 ii erlang-p1-utils 1.0.10-2 ii erlang-p1-xml 1.1.28-1 ii erlang-p1-xmpp 1.1.19-1 ii erlang-p1-yaml 1.0.12-2 ii erlang-p1-zlib 1.0.3-2 ii erlang-public-key 1:20.2.2+dfsg-1 ii erlang-ssl 1:20.2.2+dfsg-1 ii erlang-syntax-tools 1:20.2.2+dfsg-1 ii erlang-xmerl 1:20.2.2+dfsg-1 ii lsb-base 9.20170808 ii openssl 1.1.0g-2 ii ucf 3.0036 ejabberd recommends no packages. Versions of packages ejabberd suggests: ii apparmor 2.12-2 ii apparmor-utils 2.12-2 pn ejabberd-contrib <none> pn erlang-luerl <none> pn erlang-p1-mysql <none> pn erlang-p1-oauth2 <none> pn erlang-p1-pam <none> pn erlang-p1-pgsql <none> pn erlang-p1-sip <none> pn erlang-p1-sqlite3 <none> pn erlang-p1-stun <none> pn erlang-redis-client <none> ii imagemagick 8:6.9.7.4+dfsg-16 ii imagemagick-6.q16 [imagemagick] 8:6.9.7.4+dfsg-16 pn libunix-syslog-perl <none> pn yamllint <none> -- Configuration Files: /etc/apparmor.d/usr.sbin.ejabberdctl changed [not included] /etc/ejabberd/inetrc [Errno 13] Permission denied: '/etc/ejabberd/inetrc' /etc/ejabberd/modules.d/README.modules [Errno 13] Permission denied: '/etc/ejabberd/modules.d/README.modules' -- debconf information excluded