Hello,

On Wednesday, 5 January 2022, 03:31:40 CET, Craig Small wrote:
> audit: type=1400 audit(1641349042.460:2559): apparmor="DENIED"
> operation="ptrace" profile="apache2//HANDLING_UNTRUSTED_INPUT"
> pid=2792993 comm="ss" requested_mask="readby" denied_mask="readby"
> peer="/bin/ss"
> 
> So ss is doing a ptrace on all the network listeners. The odd thing is
> that apache is the only one to complain about this even though other
> daemons listed have their own apparmor profiles.

That's not really odd ;-)

abstractions/base has
    ptrace (readby),
    ptrace (tracedby),

so all profiles that include abstractions/base can be ptraced.

However, what you see happens in the HANDLING_UNTRUSTED_INPUT hat (this 
hat is used when Apache processes are idle) - and Apache hats typically 
don't include abstractions/base.

(Nevertheless, the apache hats should allow being ptraced. I'll leave 
that to the maintainer of the Apache profile in Debian - and would love 
to see the fix upstreamed.)


Regards,

Christian Boltz
-- 
<pjessen> okay.  when can we have the next power outage,
for testing purposes ?
[from #opensuse-admin]
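As an added illustration (not part of the thread, and not the Debian Apache profile itself), here is what the fix discussed above looks like inside the hat named in the audit line. The hat body contents, the profile file it lives in, and the `peer=/bin/ss` path in the narrower variant are assumptions for the example.

```apparmor
# Added example, not the Debian apache2 profile. A hat that does not
# include abstractions/base gets none of its ptrace rules, so when ss
# reads /proc/<pid>/ information to map listening sockets to processes,
# the kernel asks for "readby" on the confined apache2 process and the
# hat denies it, exactly as in the audit line quoted in the thread.
^HANDLING_UNTRUSTED_INPUT {
  # ... existing hat rules (assumed, not shown) ...

  # Option 1: the same grant abstractions/base gives every profile that
  # includes it: any peer may read this process's /proc state, but the
  # matching tracedby rule is deliberately left out, so nobody gains
  # the ability to attach a tracer to the idle apache2 worker.
  ptrace (readby),

  # Option 2 (narrower alternative; peer path is an assumption taken from
  # the peer= field of the log line): only the confined ss binary may
  # read, everything else stays denied.
  # ptrace (readby) peer=/bin/ss,
}
```

After changing the profile, reload it with `apparmor_parser -r` on the profile file and run `ss -p` again; the audit log should no longer show a `DENIED` line with `operation="ptrace"` and `requested_mask="readby"` for this hat. Granting only `readby` and not `tracedby` keeps the hat strictly less permissive than abstractions/base.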
