[Bug 1967807] [NEW] Apparmor doesn't let squid read /etc/ssl/openssl.cnf

Mon, 04 Apr 2022 13:45:47 -0700 

Public bug reported:

After installing squid in a Jammy container:

audit: type=1400 audit(1649103012.819:218): apparmor="STATUS" 
operation="profile_replace" 
label="lxd-squid_</var/snap/lxd/common/lxd>//&:lxd-squid_<var-snap-lxd-common-lxd>:unconfined"
 name="/usr/sbin/squid" pid=1003733 comm="apparmor_parser"
audit: type=1400 audit(1649103012.831:219): apparmor="STATUS" 
operation="profile_replace" 
label="lxd-squid_</var/snap/lxd/common/lxd>//&:lxd-squid_<var-snap-lxd-common-lxd>:unconfined"
 name="/usr/sbin/squid//squidguard" pid=1003733 comm="apparmor_parser"
audit: type=1400 audit(1649103043.411:220): apparmor="DENIED" operation="open" 
namespace="root//lxd-squid_<var-snap-lxd-common-lxd>" profile="/usr/sbin/squid" 
name="/etc/ssl/openssl.cnf" pid=1004222 comm="squid" requested_mask="r" 
denied_mask="r" fsuid=1589824 ouid=1589824
audit: type=1400 audit(1649103043.431:221): apparmor="DENIED" operation="open" 
namespace="root//lxd-squid_<var-snap-lxd-common-lxd>" profile="/usr/sbin/squid" 
name="/etc/ssl/openssl.cnf" pid=1004224 comm="squid" requested_mask="r" 
denied_mask="r" fsuid=1589824 ouid=1589824


Additional information:

root@squid:~# apt-cache policy apparmor squid
apparmor:
  Installed: 3.0.4-2ubuntu2
  Candidate: 3.0.4-2ubuntu2
  Version table:
 *** 3.0.4-2ubuntu2 500
        500 http://us.archive.ubuntu.com/ubuntu jammy/main amd64 Packages
        100 /var/lib/dpkg/status
squid:
  Installed: 5.2-1ubuntu3
  Candidate: 5.2-1ubuntu3
  Version table:
 *** 5.2-1ubuntu3 500
        500 http://us.archive.ubuntu.com/ubuntu jammy/main amd64 Packages
        100 /var/lib/dpkg/status
root@squid:~# lsb_release -rd
Description:    Ubuntu Jammy Jellyfish (development branch)
Release:        22.04

** Affects: squid (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1967807

Title:
  Apparmor doesn't let squid read /etc/ssl/openssl.cnf

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/squid/+bug/1967807/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to