Dear Christian,
Am 24.10.2017 um 19:14 schrieb Christian Boltz: >> ... apparmor="DENIED" operation="create" ... family="unix" > sock_type="stream" > > With the pinned-down feature set, you probably "lost" support for unix > rules. Sorry, I have no clue about the internals. I just use what’s shipped in Ubuntu 16.04. > In theory, apparmor_parser will downgrade those rules to "network unix," > - but in practise a bug in apparmor_parser prevented it. This bug was > fixed in the point releases some days ago. Just a note, that the no regression policy of Linux actually demands that the latest Linux kernel also works with buggy user space software. > Can you please test with the latest apparmor_parser? "Latest" means > 2.11.1, 2.10.3 or 2.9.5 - or, if you want to test only the bugfix, apply > the patch from bzr trunk r3700 - http://bazaar.launchpad.net/~apparmor- > dev/apparmor/master/revision/3700 The system is an up-to-date Ubuntu 16.04 installation. So that should be already installed? I can check tomorrow. Kind regards, Paul -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1721278 Title: apparmor="DENIED" operation="create" profile="/usr/sbin/cups-browsed" w/ 4.14-rc2 and later Status in apparmor package in Ubuntu: Confirmed Status in apparmor source package in Xenial: Confirmed Status in apparmor source package in Zesty: Confirmed Status in apparmor source package in Artful: Confirmed Bug description: With Ubuntu 16.04.3 LTS (Xenial Xerus), and apparmor 2.10.95-0ubuntu2.7, in the system log each second the error message below is printed to. ``` […] [Mi Okt 4 16:57:52 2017] audit: type=1400 audit(1507129072.882:554): apparmor="DENIED" operation="create" profile="/usr/sbin/cups-browsed" pid=939 comm="cups-browsed" family="unix" sock_type="stream" protocol=0 requested_mask="create" denied_mask="create" [Mi Okt 4 16:57:53 2017] audit: type=1400 audit(1507129073.886:555): apparmor="DENIED" operation="create" profile="/usr/sbin/cups-browsed" pid=939 comm="cups-browsed" family="unix" sock_type="stream" protocol=0 requested_mask="create" denied_mask="create" [Mi Okt 4 16:57:54 2017] audit: type=1400 audit(1507129074.886:556): apparmor="DENIED" operation="create" profile="/usr/sbin/cups-browsed" pid=939 comm="cups-browsed" family="unix" sock_type="stream" protocol=0 requested_mask="create" denied_mask="create" [Mi Okt 4 16:57:55 2017] audit: type=1400 audit(1507129075.886:557): apparmor="DENIED" operation="create" profile="/usr/sbin/cups-browsed" pid=939 comm="cups-browsed" family="unix" sock_type="stream" protocol=0 requested_mask="create" denied_mask="create" […] ``` To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1721278/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp