*** This bug is a duplicate of bug 1872564 ***
    https://bugs.launchpad.net/bugs/1872564

** Changed in: apparmor (Ubuntu)
       Status: New => Confirmed

** This bug has been marked a duplicate of bug 1872564
   /proc/sys/kernel/random/boot_id rule missing from abstractions/nameservice

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1878175

Title:
  Abstraction needs access to @{PROC}/sys/kernel/random/boot_id

Status in apparmor package in Ubuntu:
  Confirmed

Bug description:
  This concerns apparmor 2.13.3-7ubuntu5 in Ubuntu focal.

  I have AppArmor actively enforcing policy on my system. In
  /var/log/syslog, I see a number of the following two sorts of
  messages:

  May 12 04:44:21 image-ubuntu64 kernel: [   26.667094] audit: type=1400
  audit(1589273061.296:63): apparmor="DENIED" operation="open"
  profile="nscd" name="/proc/sys/kernel/random/boot_id" pid=655
  comm="nscd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

  May 12 04:44:26 image-ubuntu64 kernel: [   32.107018] audit: type=1400
  audit(1589273066.730:99): apparmor="DENIED" operation="open"
  profile="/usr/sbin/nslcd" name="/proc/sys/kernel/random/boot_id"
  pid=1004 comm="nslcd" requested_mask="r" denied_mask="r" fsuid=0
  ouid=0

  The following line is needed in an abstraction somewhere:

    @{PROC}/sys/kernel/random/boot_id r,

  I've added it locally to /etc/apparmor.d/abstractions/nameservice, and
  that took care of the above errors for me. AppArmor upstream has added
  it to abstractions/nss-systemd, but this file does not exist in
  Ubuntu's apparmor package.
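
The log-to-rule step in the report above, as an added example that is not part of the original bug report or of AppArmor's own tooling: it parses the two quoted denials (rejoined onto single lines as sample input), derives the file rule each profile is missing, and flags rules denied in more than one profile as candidates for a shared abstraction. Function names are hypothetical; permission letters are copied from `denied_mask` as logged and should be reviewed before being added to policy.

```python
import re
from collections import defaultdict

# Sample input: the two denials from the bug description, one per line.
SAMPLE_LOG = """\
May 12 04:44:21 image-ubuntu64 kernel: [   26.667094] audit: type=1400 audit(1589273061.296:63): apparmor="DENIED" operation="open" profile="nscd" name="/proc/sys/kernel/random/boot_id" pid=655 comm="nscd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 12 04:44:26 image-ubuntu64 kernel: [   32.107018] audit: type=1400 audit(1589273066.730:99): apparmor="DENIED" operation="open" profile="/usr/sbin/nslcd" name="/proc/sys/kernel/random/boot_id" pid=1004 comm="nslcd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
"""

# key="quoted value" or key=bare_value
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_denials(text):
    """Yield the key=value fields of every AppArmor DENIED audit line."""
    for line in text.splitlines():
        if 'apparmor="DENIED"' in line:
            yield {k: q or b for k, q, b in FIELD.findall(line)}

def suggest_rules(text):
    """Map profile -> sorted file rules that would allow the denied accesses."""
    masks = defaultdict(set)  # (profile, path) -> denied permission letters
    for d in parse_denials(text):
        if "name" not in d or "denied_mask" not in d:
            continue  # not a file-access denial (e.g. a capability denial)
        path = d["name"]
        if path.startswith("/proc/"):
            # Use the @{PROC} variable, as in the rule quoted in the report.
            path = "@{PROC}/" + path[len("/proc/"):]
        masks[(d["profile"], path)].update(d["denied_mask"])
    rules = defaultdict(list)
    for (profile, path), perms in sorted(masks.items()):
        rules[profile].append(f"{path} {''.join(sorted(perms))},")
    return dict(rules)

def abstraction_candidates(text):
    """Rules denied in two or more profiles: candidates for an abstraction."""
    by_rule = defaultdict(set)
    for profile, rules in suggest_rules(text).items():
        for rule in rules:
            by_rule[rule].add(profile)
    return {r: sorted(p) for r, p in by_rule.items() if len(p) > 1}

if __name__ == "__main__":
    for rule, profiles in abstraction_candidates(SAMPLE_LOG).items():
        print(f"{rule}  # denied in: {', '.join(profiles)}")
```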
