tcpdump 4.0.0-6ubuntu3 denied read access to ethers(5) by apparmor profile
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tcpdump (Ubuntu) |
Fix Released
|
Low
|
Jamie Strandboge |
Bug Description
affects ubuntu/tcpdump
importance low
While debugging the configuration of my Ubuntu router, I noticed the
following in dmesg:
[ 2410.773511] type=1503 audit(128694971
[92714.036092] type=1503 audit(128704001
I don't know why tcpdump *wants* to access ethers(5); probably to
supplement the in-kernel neighbours (ARP) table.
Note that out-of-the-box there is no /etc/ethers, which is probably
why nobody noticed this before. I use ethers(5) to tell dnsmasq which
MACs get "fixed" IPs via DHCP allocation.
Related branches
tags: | added: apparmor |
Changed in tcpdump (Ubuntu): | |
status: | Incomplete → Fix Committed |
Trent, thanks for reporting a bug and helping to make Ubuntu better.
Can you do the following: d/usr.sbin. tcpdump:
1. add this to /etc/apparmor.
/etc/ethers r,
2. then perform: d/usr.sbin. tcpdump
$ sudo apparmor_parser -r -T -W /etc/apparmor.
and the report back if it fixes the issue for you.