Re: [Touch-packages] [Bug 1865450] [NEW] PermissionError for AppArmor Profiles i.e., SSH
On Mon, Mar 02, 2020 at 09:15:56AM -, Shaheena Kazi wrote:
> Public bug reported:
>
> I have created an AppArmor profile for SSH.

ssh server or ssh client? What profile transitions did you put into your
profile?

> The profile is created successfully but each time I run aa-logprof it gives
> PermissionError: [Errno 13]

> PermissionError: [Errno 13] Permission denied:
> '/etc/apparmor.d/usr.sbin.tcpdumpwvx1h0xl~' ->
> '/etc/apparmor.d/usr.sbin.tcpdump'

Do you get an apparmor DENIED entry in your log for this?

Thanks

--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1865450

Title:
  PermissionError for AppArmor Profiles i.e., SSH

Status in apparmor package in Ubuntu:
  New

Bug description:
  I have created an AppArmor profile for SSH.
  The profile is created successfully but each time I run aa-logprof it gives
  PermissionError: [Errno 13]

  An example of the error:

  Traceback (most recent call last):
    File "/usr/sbin/aa-enforce", line 35, in
      tool.cmd_enforce()
    File "/usr/lib/python3/dist-packages/apparmor/tools.py", line 150, in cmd_enforce
      apparmor.set_enforce(profile, program)
    File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 293, in set_enforce
      change_profile_flags(filename, program, 'complain', False)
    File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 704, in change_profile_flags
      set_profile_flags(filename, program, newflags)
    File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 753, in set_profile_flags
      os.rename(temp_file.name, prof_filename)
  PermissionError: [Errno 13] Permission denied: '/etc/apparmor.d/usr.sbin.tcpdumpwvx1h0xl~' -> '/etc/apparmor.d/usr.sbin.tcpdump'

  Please consider reporting a bug at https://bugs.launchpad.net/apparmor/
  and attach this file.

  +++
  Traceback (most recent call last):
    File "/usr/sbin/aa-logprof", line 50, in
      apparmor.do_logprof_pass(logmark)
    File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 1824, in do_logprof_pass
      save_profiles()
    File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 1921, in save_profiles
      write_profile_ui_feedback(profile_name)
    File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 3404, in write_profile_ui_feedback
      write_profile(profile)
    File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 3413, in write_profile
      newprof = tempfile.NamedTemporaryFile('w', suffix='~', delete=False, dir=profile_dir)
    File "/usr/lib/python3.5/tempfile.py", line 688, in NamedTemporaryFile
      (fd, name) = _mkstemp_inner(dir, prefix, suffix, flags, output_type)
    File "/usr/lib/python3.5/tempfile.py", line 399, in _mkstemp_inner
      fd = _os.open(file, flags, 0o600)
  PermissionError: [Errno 13] Permission denied: '/etc/apparmor.d/tmpujtge2jq~'

  An unexpected error occurred!

  For details, see /tmp/apparmor-bug report-5qnjyx3t.txt
  Please consider reporting a bug at https://bugs.launchpad.net/apparmor/
  and attach this file.
  +++

  +++
  root@protegrity-framework314:/var/www# aa-complain /etc/apparmor.d/*
  Profile for /etc/apparmor.d/abstractions not found, skipping
  Profile for /etc/apparmor.d/apache2.d not found, skipping
  Setting /etc/apparmor.d/bin.ping to complain mode.
  Profile for /etc/apparmor.d/cache not found, skipping
  Profile for /etc/apparmor.d/disable not found, skipping
  Setting /etc/apparmor.d/etc.opt.Cluster.cluster_config.status.xml to complain mode.
  Setting /etc/apparmor.d/etc.opt.Cluster.cluster_config.xml to complain mode.

  Traceback (most recent call last):
    File "/usr/sbin/aa-complain", line 35, in
      tool.cmd_complain()
    File "/usr/lib/python3/dist-packages/apparmor/tools.py", line 165, in cmd_complain
      apparmor.set_complain(profile, program)
    File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 286, in set_complain
      change_profile_flags(filename, program, 'complain', True)
    File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 704, in change_profile_flags
      set_profile_flags(filename, program, newflags)
    File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 720, in set_profile_flags
      temp_file = tempfile.NamedTemporaryFile('w', prefix=prof_filename, suffix='~', delete=False, dir=profile_dir)
    File "/usr/lib/python3.5/tempfile.py", line 688, in NamedTemporaryFile
      (fd, name) = _mkstemp_inner(dir, prefix, suffix, flags, output_type)
    File "/usr/lib/python3.5/tempfile.py", line 399, in _mkstemp_inner
      fd = _os.open(file, flags, 0o600)
  PermissionError: [Er
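
One way to answer the question in the reply above, whether the kernel logged an AppArmor DENIED event for the writes under /etc/apparmor.d, is to filter the audit messages by path. This is an added example, not part of the thread or of the AppArmor tools; the log lines are constructed samples (including the profile name in them) and `profile_dir_denials` is a hypothetical helper name.

```python
import re

PROFILE_DIR = "/etc/apparmor.d/"
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key="quoted" or key=bare

# The audit subsystem logs names containing spaces or quotes as bare hex.
HEX_NAME = "/etc/apparmor.d/local copy~".encode().hex().upper()

# Constructed sample lines in the kernel audit format AppArmor uses;
# they are illustrative and not taken from the reporter's system.
SAMPLE_LOG = "\n".join([
    'kernel: audit: type=1400 audit(1583140201.100:41): apparmor="DENIED" '
    'operation="mknod" profile="/usr/sbin/sshd" '
    'name="/etc/apparmor.d/tmpujtge2jq~" pid=2101 comm="aa-logprof" '
    'requested_mask="c" denied_mask="c" fsuid=0 ouid=0',
    'kernel: audit: type=1400 audit(1583140202.200:42): apparmor="ALLOWED" '
    'operation="open" profile="/usr/sbin/sshd" '
    'name="/etc/apparmor.d/bin.ping" pid=2101 comm="aa-logprof" '
    'requested_mask="r" denied_mask="r" fsuid=0 ouid=0',
    'kernel: audit: type=1400 audit(1583140203.300:43): apparmor="DENIED" '
    'operation="open" profile="/usr/sbin/sshd" name="/var/log/btmp" '
    'pid=2050 comm="sshd" requested_mask="w" denied_mask="w" fsuid=0 ouid=0',
    'kernel: audit: type=1400 audit(1583140204.400:44): apparmor="DENIED" '
    'operation="rename_src" profile="/usr/sbin/sshd" name=' + HEX_NAME +
    ' pid=2102 comm="aa-enforce" requested_mask="wrd" denied_mask="wrd"',
])

def _value(raw, maybe_hex=False):
    """Strip quotes; decode a bare hex-encoded value when asked to."""
    if raw.startswith('"'):
        return raw.strip('"')
    if maybe_hex:
        try:
            return bytes.fromhex(raw).decode("utf-8", "replace")
        except ValueError:
            pass
    return raw

def profile_dir_denials(log_text, directory=PROFILE_DIR):
    """Return DENIED events whose target path lies under `directory`."""
    hits = []
    for line in log_text.splitlines():
        f = dict(FIELD_RE.findall(line))
        name = _value(f.get("name", ""), maybe_hex=True)
        if f.get("apparmor") == '"DENIED"' and name.startswith(directory):
            hits.append({"name": name, **{k: _value(f.get(k, "")) for k in
                         ("profile", "operation", "comm", "denied_mask")}})
    return hits

if __name__ == "__main__":
    for hit in profile_dir_denials(SAMPLE_LOG):
        print(hit)
```

A hit whose `comm` is one of the aa-* tools means the tool itself is running under the profile named in `profile`; no hits points away from AppArmor and toward ordinary file permissions or mount options.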
[Touch-packages] [Bug 1865450] [NEW] PermissionError for AppArmor Profiles i.e., SSH
Public bug reported:

I have created an AppArmor profile for SSH.
The profile is created successfully but each time I run aa-logprof it gives
PermissionError: [Errno 13]

An example of the error:

Traceback (most recent call last):
  File "/usr/sbin/aa-enforce", line 35, in
    tool.cmd_enforce()
  File "/usr/lib/python3/dist-packages/apparmor/tools.py", line 150, in cmd_enforce
    apparmor.set_enforce(profile, program)
  File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 293, in set_enforce
    change_profile_flags(filename, program, 'complain', False)
  File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 704, in change_profile_flags
    set_profile_flags(filename, program, newflags)
  File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 753, in set_profile_flags
    os.rename(temp_file.name, prof_filename)
PermissionError: [Errno 13] Permission denied: '/etc/apparmor.d/usr.sbin.tcpdumpwvx1h0xl~' -> '/etc/apparmor.d/usr.sbin.tcpdump'

Please consider reporting a bug at https://bugs.launchpad.net/apparmor/
and attach this file.

+++
Traceback (most recent call last):
  File "/usr/sbin/aa-logprof", line 50, in
    apparmor.do_logprof_pass(logmark)
  File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 1824, in do_logprof_pass
    save_profiles()
  File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 1921, in save_profiles
    write_profile_ui_feedback(profile_name)
  File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 3404, in write_profile_ui_feedback
    write_profile(profile)
  File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 3413, in write_profile
    newprof = tempfile.NamedTemporaryFile('w', suffix='~', delete=False, dir=profile_dir)
  File "/usr/lib/python3.5/tempfile.py", line 688, in NamedTemporaryFile
    (fd, name) = _mkstemp_inner(dir, prefix, suffix, flags, output_type)
  File "/usr/lib/python3.5/tempfile.py", line 399, in _mkstemp_inner
    fd = _os.open(file, flags, 0o600)
PermissionError: [Errno 13] Permission denied: '/etc/apparmor.d/tmpujtge2jq~'

An unexpected error occurred!

For details, see /tmp/apparmor-bug report-5qnjyx3t.txt
Please consider reporting a bug at https://bugs.launchpad.net/apparmor/
and attach this file.
+++

+++
root@protegrity-framework314:/var/www# aa-complain /etc/apparmor.d/*
Profile for /etc/apparmor.d/abstractions not found, skipping
Profile for /etc/apparmor.d/apache2.d not found, skipping
Setting /etc/apparmor.d/bin.ping to complain mode.
Profile for /etc/apparmor.d/cache not found, skipping
Profile for /etc/apparmor.d/disable not found, skipping
Setting /etc/apparmor.d/etc.opt.Cluster.cluster_config.status.xml to complain mode.
Setting /etc/apparmor.d/etc.opt.Cluster.cluster_config.xml to complain mode.

Traceback (most recent call last):
  File "/usr/sbin/aa-complain", line 35, in
    tool.cmd_complain()
  File "/usr/lib/python3/dist-packages/apparmor/tools.py", line 165, in cmd_complain
    apparmor.set_complain(profile, program)
  File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 286, in set_complain
    change_profile_flags(filename, program, 'complain', True)
  File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 704, in change_profile_flags
    set_profile_flags(filename, program, newflags)
  File "/usr/lib/python3/dist-packages/apparmor/aa.py", line 720, in set_profile_flags
    temp_file = tempfile.NamedTemporaryFile('w', prefix=prof_filename, suffix='~', delete=False, dir=profile_dir)
  File "/usr/lib/python3.5/tempfile.py", line 688, in NamedTemporaryFile
    (fd, name) = _mkstemp_inner(dir, prefix, suffix, flags, output_type)
  File "/usr/lib/python3.5/tempfile.py", line 399, in _mkstemp_inner
    fd = _os.open(file, flags, 0o600)
PermissionError: [Errno 13] Permission denied: '/etc/apparmor.d/etc.opt.Cluster.cluster_config.xml7m7t4rvb~'

An unexpected error occurred!

For details, see /tmp/apparmor-bugreport-oe_mo879.txt
Please consider reporting a bug at https://bugs.launchpad.net/apparmor/
and attach this file.
++

Secondly, once I accept this denial, AppArmor repeatedly gives similar
denials for almost every profile.

I am using a security product and running it on Debian 9.

root@protegrity:/var/www# cat /etc/debian_version
9.9

I expect that these denials should not occur repeatedly.
Please do check.

** Affects: apparmor (Ubuntu)
     Importance: Undecided
         Status: New

--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1865450

Title:
  PermissionError for A