*** This bug is a duplicate of bug 1872564 *** https://bugs.launchpad.net/bugs/1872564
** Changed in: apparmor (Ubuntu)
       Status: New => Confirmed

** This bug has been marked a duplicate of bug 1872564
   /proc/sys/kernel/random/boot_id rule missing from abstractions/nameservice

https://bugs.launchpad.net/bugs/1878175

Title:
  Abstraction needs access to @{PROC}/sys/kernel/random/boot_id

Status in apparmor package in Ubuntu:
  Confirmed

Bug description:
  This concerns apparmor 2.13.3-7ubuntu5 in Ubuntu focal.

  I have AppArmor actively enforcing policy on my system. In
  /var/log/syslog, I see a number of the following two sorts of
  messages:

  May 12 04:44:21 image-ubuntu64 kernel: [ 26.667094] audit: type=1400 audit(1589273061.296:63): apparmor="DENIED" operation="open" profile="nscd" name="/proc/sys/kernel/random/boot_id" pid=655 comm="nscd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

  May 12 04:44:26 image-ubuntu64 kernel: [ 32.107018] audit: type=1400 audit(1589273066.730:99): apparmor="DENIED" operation="open" profile="/usr/sbin/nslcd" name="/proc/sys/kernel/random/boot_id" pid=1004 comm="nslcd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

  The following line is needed in an abstraction somewhere:

    @{PROC}/sys/kernel/random/boot_id r,

  I've added it locally to /etc/apparmor.d/abstractions/nameservice, and
  that took care of the above errors for me.

  AppArmor upstream has added it to abstractions/nss-systemd, but this
  file does not exist in Ubuntu's apparmor package.
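
The following is an added example, not part of the original report and not code from the AppArmor project. It parses AppArmor DENIED audit records such as the two quoted above and groups the candidate rule by the profiles that hit it, which shows why the rule fits a shared abstraction rather than a single profile. The function names are hypothetical, the hex-encoded test case it handles is a general property of kernel audit records rather than something from this report, and the printed rule is a candidate for review, not an automatic policy change.

```python
import re
from collections import defaultdict

# The two log lines quoted in the bug description above.
SAMPLE_LOG = '''\
May 12 04:44:21 image-ubuntu64 kernel: [ 26.667094] audit: type=1400 audit(1589273061.296:63): apparmor="DENIED" operation="open" profile="nscd" name="/proc/sys/kernel/random/boot_id" pid=655 comm="nscd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 12 04:44:26 image-ubuntu64 kernel: [ 32.107018] audit: type=1400 audit(1589273066.730:99): apparmor="DENIED" operation="open" profile="/usr/sbin/nslcd" name="/proc/sys/kernel/random/boot_id" pid=1004 comm="nslcd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
'''

FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# The kernel writes these fields as bare hex when they contain spaces or quotes.
HEX_KEYS = {"name", "profile", "comm"}

def parse_denial(line):
    """Return the key=value fields of an AppArmor DENIED record, or None."""
    if 'apparmor="DENIED"' not in line:
        return None
    fields = {}
    for key, quoted, bare in FIELD_RE.findall(line):
        value = quoted
        if bare:
            value = bare
            if key in HEX_KEYS:
                try:
                    value = bytes.fromhex(bare).decode("utf-8", "replace")
                except ValueError:
                    pass  # unquoted but not hex: keep the raw token
        fields[key] = value
    return fields

def candidate_rule(fields):
    """Build a file rule in the form used in the report: '<path> <mask>,'."""
    path = fields["name"]
    if path.startswith("/proc/"):
        path = "@{PROC}/" + path[len("/proc/"):]  # variable used in the report
    if " " in path:
        path = f'"{path}"'  # AppArmor paths containing spaces must be quoted
    return f'{path} {fields["denied_mask"]},'

def summarize(log_text):
    """Map each candidate rule to the sorted list of profiles denied on it."""
    by_rule = defaultdict(set)
    for line in log_text.splitlines():
        fields = parse_denial(line)
        if fields and "name" in fields and "denied_mask" in fields:
            by_rule[candidate_rule(fields)].add(fields.get("profile", "?"))
    return {rule: sorted(profiles) for rule, profiles in by_rule.items()}

if __name__ == "__main__":
    for rule, profiles in summarize(SAMPLE_LOG).items():
        print(f"{rule}  # denied for: {', '.join(profiles)}")
```
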