AppArmor Profiles

Code review comment for lp:~sdeziel/apparmor-profiles/unbound-profile

unbound-profile
Merge into master

Revision history for this message

Felix Geyer (debfx) wrote on 2011-11-30:

On Ubuntu 11.10 with a mostly default unbound configuration:

Nov 30 11:15:24 felix-ka kernel: [ 4633.749580] type=1400 audit(1322648124.325:120): apparmor="DENIED" operation="file_mmap" parent=4451 profile="/usr/sbin/unbound" name="/etc/passwd" pid=4463 comm="unbound" requested_mask="m" denied_mask="m" fsuid=0 ouid=0
Nov 30 11:15:24 felix-ka kernel: [ 4633.750649] type=1400 audit(1322648124.325:121): apparmor="DENIED" operation="capable" parent=4463 profile="/usr/sbin/unbound" pid=4464 comm="unbound" capability=1 capname="dac_override"
Nov 30 11:15:24 felix-ka kernel: [ 4633.750912] type=1400 audit(1322648124.325:122): apparmor="DENIED" operation="capable" parent=1 profile="/usr/sbin/unbound" pid=4464 comm="unbound" capability=0 capname="chown"
Nov 30 11:15:24 felix-ka kernel: [ 4633.751098] type=1400 audit(1322648124.325:123): apparmor="DENIED" operation="file_mmap" parent=1 profile="/usr/sbin/unbound" name="/etc/group" pid=4464 comm="unbound" requested_mask="m" denied_mask="m" fsuid=0 ouid=0
Nov 30 11:15:24 felix-ka kernel: [ 4633.752543] type=1400 audit(1322648124.329:124): apparmor="DENIED" operation="open" parent=1 profile="/usr/sbin/unbound" name="/var/lib/unbound/root.key" pid=4464 comm="unbound" requested_mask="r" denied_mask="r" fsuid=115 ouid=115

review: Needs Fixing

« Back to merge proposal