Hello,

On Wednesday, 5 January 2022, 03:31:40 CET, Craig Small wrote:
> audit: type=1400 audit(1641349042.460:2559): apparmor="DENIED"
> operation="ptrace" profile="apache2//HANDLING_UNTRUSTED_INPUT"
> pid=2792993 comm="ss" requested_mask="readby" denied_mask="readby"
> peer="/bin/ss"
>
> So ss is doing a ptrace on all the network listeners. The odd thing is
> that apache is the only one to complain about this even though other
> daemons listed have their own apparmor profiles.

That's not really odd ;-)

abstractions/base has
    ptrace (readby),
    ptrace (tracedby),
so all profiles that include abstractions/base can be ptraced.

However, what you see happens in the HANDLING_UNTRUSTED_INPUT hat (this hat is used when Apache processes are idle) - and Apache hats typically don't include abstractions/base.

(Nevertheless, the apache hats should allow to be ptraced. I'll leave that to the maintainer of the Apache profile in Debian - and would love to see the fix upstreamed.)

Regards,

Christian Boltz
-- 
<pjessen> okay. when can we have the next power outage, for testing purposes ? [from #opensuse-admin]
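
The following is an added example, not part of the original message or of any AppArmor tool. It scans audit lines for AppArmor ptrace denials, splits the `profile//hat` label the way the reply reads it, and prints a candidate rule to review for that hat. The function names and the second log line are constructed for illustration.

```python
import re

# Constructed sample input: the first record is the denial quoted in the
# message above; the second is a made-up non-ptrace denial to show filtering.
SAMPLE_LOG = (
    'audit: type=1400 audit(1641349042.460:2559): apparmor="DENIED" '
    'operation="ptrace" profile="apache2//HANDLING_UNTRUSTED_INPUT" '
    'pid=2792993 comm="ss" requested_mask="readby" denied_mask="readby" '
    'peer="/bin/ss"\n'
    'audit: type=1400 audit(1641349050.000:2560): apparmor="DENIED" '
    'operation="open" profile="example" name="/etc/example" pid=100 '
    'comm="cat" requested_mask="r" denied_mask="r" fsuid=0 ouid=0\n'
)

# key=value or key="quoted value" pairs as they appear in audit records
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_fields(line):
    """Return the key=value pairs of one audit record as a dict."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD_RE.finditer(line)}


def ptrace_denials(log_text):
    """Collect AppArmor ptrace denials, one dict per record."""
    results = []
    for line in log_text.splitlines():
        f = parse_fields(line)
        if f.get("apparmor") != "DENIED" or f.get("operation") != "ptrace":
            continue
        # "apache2//HANDLING_UNTRUSTED_INPUT" -> profile "apache2", hat "HANDLING_..."
        profile, _, hat = f.get("profile", "").partition("//")
        mask, peer = f.get("denied_mask"), f.get("peer")
        results.append({
            "profile": profile,
            "hat": hat or None,   # None when the denial is in the main profile
            "comm": f.get("comm"),
            "peer": peer,
            "mask": mask,
            # Candidate rule for review only; narrower than abstractions/base
            "rule": "ptrace (%s) peer=%s," % (mask, peer),
        })
    return results


if __name__ == "__main__":
    for d in ptrace_denials(SAMPLE_LOG):
        where = d["profile"] + (" hat ^" + d["hat"] if d["hat"] else "")
        print("%s: %s denied for %s -> %s" % (where, d["mask"], d["comm"], d["rule"]))
```
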