When testing Apache confinement on Debian Sid using phpsysinfo as example provided, I discovered multiple denies, which are fixed in this MR.
Denies in question:
type=AVC msg=audit(1509385448.853:379): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2//phpsysinfo" name="/etc/phpsysinfo/phpsysinfo.ini" pid=16743 comm="apache2" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509385448.853:379): arch=c000003e syscall=2 success=no exit=-13 a0=7ffc3ad88850 a1=0 a2=1b6 a3=7ffc3ad85620 items=0 ppid=16742 pid=16743 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apache2" exe="/usr/sbin/apache2" key=(null)
type=PROCTITLE msg=audit(1509385448.853:379): proctitle=2F7573722F7362696E2F61706163686532002D6B007374617274
type=AVC msg=audit(1509385448.857:380): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2//phpsysinfo" name="/etc/default/locale" pid=16743 comm="apache2" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509385448.857:380): arch=c000003e syscall=2 success=no exit=-13 a0=7ffc3ad88a70 a1=0 a2=1b6 a3=7ffc3ad86990 items=0 ppid=16742 pid=16743 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apache2" exe="/usr/sbin/apache2" key=(null)
type=PROCTITLE msg=audit(1509385448.857:380): proctitle=2F7573722F7362696E2F61706163686532002D6B007374617274
type=AVC msg=audit(1509385827.445:495): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2//phpsysinfo" name="/proc/" pid=17493 comm="apache2" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509385827.445:495): arch=c000003e syscall=2 success=no exit=-13 a0=7ffd393fd760 a1=90800 a2=2a a3=1 items=0 ppid=17415 pid=17493 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apache2" exe="/usr/sbin/apache2" key=(null)
type=PROCTITLE msg=audit(1509385827.445:495): proctitle=2F7573722F7362696E2F61706163686532002D6B007374617274
type=AVC msg=audit(1509385986.481:564): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2//phpsysinfo" name="/run/udev/data/+usb:1-1:1.0" pid=17753 comm="lsusb" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509385986.481:564): arch=c000003e syscall=2 success=no exit=-13 a0=7ffc7e58dc30 a1=80000 a2=1b6 a3=80000 items=0 ppid=17752 pid=17753 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="lsusb" exe="/usr/bin/lsusb" key=(null)
type=AVC msg=audit(1509385986.481:565): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2//phpsysinfo" name="/sys/bus/i2c/devices/" pid=17496 comm="apache2" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509385986.481:565): arch=c000003e syscall=2 success=no exit=-13 a0=7ffd393fd740 a1=90800 a2=2a a3=1 items=0 ppid=17415 pid=17496 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apache2" exe="/usr/sbin/apache2" key=(null)
type=PROCTITLE msg=audit(1509385986.481:565): proctitle=2F7573722F7362696E2F61706163686532002D6B007374617274
type=AVC msg=audit(1509385986.485:566): apparmor="DENIED" operation="exec" profile="/usr/sbin/apache2//phpsysinfo" name="/bin/ip" pid=17756 comm="sh" requested_mask="x" denied_mask="x" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509385986.485:566): arch=c000003e syscall=59 success=no exit=-13 a0=555e361b0b70 a1=555e361b0be0 a2=555e361b0c08 a3=7ff184b249d0 items=0 ppid=17755 pid=17756 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" key=(null)
type=AVC msg=audit(1509386439.525:751): apparmor="DENIED" operation="exec" profile="/usr/sbin/apache2//phpsysinfo" name="/usr/bin/locale" pid=18519 comm="sh" requested_mask="x" denied_mask="x" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509386439.525:751): arch=c000003e syscall=59 success=no exit=-13 a0=55d60477b440 a1=55d6039e7c30 a2=55d60477b3d8 a3=55d60477b130 items=0 ppid=18518 pid=18519 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" key=(null)
type=PROCTITLE msg=audit(1509386439.525:751): proctitle=7368002D63004C414E473D22656E5F55532E5554462D3822206C6F63616C65202D6B204C435F435459504520323E2F6465762F6E756C6C
type=AVC msg=audit(1509386440.341:771): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2//phpsysinfo" name="/usr/share/distro-info/debian.csv" pid=18561 comm="lsb_release" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509386440.341:771): arch=c000003e syscall=2 success=no exit=-13 a0=7fe67ad87c20 a1=80000 a2=1b6 a3=7fe67ae52ae0 items=0 ppid=18560 pid=18561 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="lsb_release" exe="/usr/bin/python3.6" key=(null)
type=PROCTITLE msg=audit(1509386440.341:771): proctitle=2F7573722F62696E2F707974686F6E33002D4573002F7573722F62696E2F6C73625F72656C65617365002D61
type=AVC msg=audit(1509386440.357:772): apparmor="DENIED" operation="exec" profile="/usr/sbin/apache2//phpsysinfo" name="/bin/dmesg" pid=18569 comm="sh" requested_mask="x" denied_mask="x" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509386440.357:772): arch=c000003e syscall=59 success=no exit=-13 a0=5574cd8d7af8 a1=5574cd8d7b20 a2=5574cd8d7b30 a3=7f54c9d8c9d0 items=0 ppid=18568 pid=18569 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="sh" exe="/bin/dash" key=(null)
type=PROCTITLE msg=audit(1509386440.357:772): proctitle=7368002D6300222F62696E2F646D6573672220
type=AVC msg=audit(1509386440.465:773): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2//phpsysinfo" name="/run/udev/data/c189:0" pid=18575 comm="lsusb" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509386440.465:773): arch=c000003e syscall=2 success=no exit=-13 a0=7ffd4a0f2f00 a1=80000 a2=1b6 a3=80000 items=0 ppid=18574 pid=18575 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="lsusb" exe="/usr/bin/lsusb" key=(null)
type=PROCTITLE msg=audit(1509386440.465:773): proctitle="/usr/bin/lsusb"
type=AVC msg=audit(1509386440.465:776): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2//phpsysinfo" name="/run/udev/data/+usb:1-1:1.0" pid=18575 comm="lsusb" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509386440.465:776): arch=c000003e syscall=2 success=no exit=-13 a0=7ffd4a0f2f00 a1=80000 a2=1b6 a3=80000 items=0 ppid=18574 pid=18575 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="lsusb" exe="/usr/bin/lsusb" key=(null)
type=PROCTITLE msg=audit(1509386440.465:776): proctitle="/usr/bin/lsusb"
type=AVC msg=audit(1509386440.469:777): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2//phpsysinfo" name="/etc/iproute2/group" pid=18578 comm="ip" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509386440.469:777): arch=c000003e syscall=2 success=no exit=-13 a0=559c53cdf508 a1=0 a2=1b6 a3=0 items=0 ppid=18577 pid=18578 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="ip" exe="/bin/ip" key=(null)
type=PROCTITLE msg=audit(1509386440.469:777): proctitle=2F7362696E2F697000616464720073686F77006C6F
type=AVC msg=audit(1509387218.868:966): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2//phpsysinfo" name="/etc/dpkg/origins/debian" pid=19497 comm="lsb_release" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387218.868:966): arch=c000003e syscall=2 success=no exit=-13 a0=7f0b73630a50 a1=80000 a2=1b6 a3=7f0b735b6ca0 items=0 ppid=19496 pid=19497 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="lsb_release" exe="/usr/bin/python3.6" key=(null)
type=PROCTITLE msg=audit(1509387218.868:966): proctitle=2F7573722F62696E2F707974686F6E33002D4573002F7573722F62696E2F6C73625F72656C65617365002D61
type=AVC msg=audit(1509387440.856:1048): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2//phpsysinfo" name="/etc/apt/apt.conf.d/" pid=19744 comm="apt-cache" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387440.856:1048): arch=c000003e syscall=2 success=no exit=-13 a0=556d21cf2b60 a1=90800 a2=7fce5e86eb58 a3=0 items=0 ppid=19743 pid=19744 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache" exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387440.856:1048): proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387440.856:1049): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2//phpsysinfo" name="/usr/share/dpkg/cputable" pid=19744 comm="apt-cache" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387440.856:1049): arch=c000003e syscall=2 success=no exit=-13 a0=556d21cf7ae0 a1=0 a2=1b6 a3=0 items=0 ppid=19743 pid=19744 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache" exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387440.856:1049): proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387440.876:1050): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2//phpsysinfo" name="/dev/kmsg" pid=19752 comm="dmesg" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387440.876:1050): arch=c000003e syscall=2 success=no exit=-13 a0=5635cd52f17d a1=800 a2=5635cd52feb8 a3=527 items=0 ppid=19751 pid=19752 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="dmesg" exe="/bin/dmesg" key=(null)
type=PROCTITLE msg=audit(1509387440.876:1050): proctitle="/bin/dmesg"
type=AVC msg=audit(1509387714.588:1106): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2//phpsysinfo" name="/etc/apt/apt.conf.d/00CDMountPoint" pid=20175 comm="apt-cache" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387714.588:1106): arch=c000003e syscall=2 success=no exit=-13 a0=55d858e83020 a1=80100 a2=7ffc9c561c9b a3=55d858e7ecf0 items=0 ppid=20174 pid=20175 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache" exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387714.588:1106): proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387714.588:1107): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2//phpsysinfo" name="/etc/apt/apt.conf.d/00aptitude" pid=20175 comm="apt-cache" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387714.588:1107): arch=c000003e syscall=2 success=no exit=-13 a0=55d858e7ecc0 a1=80100 a2=7ffc9c561c9b a3=73 items=0 ppid=20174 pid=20175 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache" exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387714.588:1107): proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387714.588:1108): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2//phpsysinfo" name="/etc/apt/apt.conf.d/00trustcdrom" pid=20175 comm="apt-cache" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387714.588:1108): arch=c000003e syscall=2 success=no exit=-13 a0=55d858e83810 a1=80100 a2=7ffc9c561c9b a3=73 items=0 ppid=20174 pid=20175 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache" exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387714.588:1108): proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387714.588:1109): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2//phpsysinfo" name="/etc/apt/apt.conf.d/01autoremove" pid=20175 comm="apt-cache" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387714.588:1109): arch=c000003e syscall=2 success=no exit=-13 a0=55d858e80d10 a1=80100 a2=7ffc9c561c9b a3=73 items=0 ppid=20174 pid=20175 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache" exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387714.588:1109): proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387714.588:1110): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2//phpsysinfo" name="/etc/apt/apt.conf.d/01autoremove-kernels" pid=20175 comm="apt-cache" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387714.588:1110): arch=c000003e syscall=2 success=no exit=-13 a0=55d858e7ed50 a1=80100 a2=7ffc9c561c9b a3=73 items=0 ppid=20174 pid=20175 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache" exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387714.588:1110): proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387714.588:1111): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2//phpsysinfo" name="/etc/apt/apt.conf.d/20auto-upgrades" pid=20175 comm="apt-cache" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387714.588:1111): arch=c000003e syscall=2 success=no exit=-13 a0=55d858e7eb30 a1=80100 a2=7ffc9c561c9b a3=73 items=0 ppid=20174 pid=20175 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache" exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387714.588:1111): proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387714.588:1112): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2//phpsysinfo" name="/etc/apt/apt.conf.d/20listchanges" pid=20175 comm="apt-cache" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387714.588:1112): arch=c000003e syscall=2 success=no exit=-13 a0=55d858e83370 a1=80100 a2=7ffc9c561c9b a3=73 items=0 ppid=20174 pid=20175 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache" exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387714.588:1112): proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387714.588:1113): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2//phpsysinfo" name="/etc/apt/apt.conf.d/20packagekit" pid=20175 comm="apt-cache" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387714.588:1113): arch=c000003e syscall=2 success=no exit=-13 a0=55d858e7ec90 a1=80100 a2=7ffc9c561c9b a3=73 items=0 ppid=20174 pid=20175 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache" exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387714.588:1113): proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387714.588:1114): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2//phpsysinfo" name="/etc/apt/apt.conf.d/50appstream" pid=20175 comm="apt-cache" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387714.588:1114): arch=c000003e syscall=2 success=no exit=-13 a0=55d858e7ed20 a1=80100 a2=7ffc9c561c9b a3=73 items=0 ppid=20174 pid=20175 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache" exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387714.588:1114): proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387714.588:1115): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2//phpsysinfo" name="/etc/apt/apt.conf.d/50apt-file.conf" pid=20175 comm="apt-cache" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387714.588:1115): arch=c000003e syscall=2 success=no exit=-13 a0=55d858e80ce0 a1=80100 a2=7ffc9c561c9b a3=73 items=0 ppid=20174 pid=20175 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache" exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387714.588:1115): proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387714.588:1116): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2//phpsysinfo" name="/etc/apt/apt.conf.d/50unattended-upgrades" pid=20175 comm="apt-cache" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387714.588:1116): arch=c000003e syscall=2 success=no exit=-13 a0=55d858e7f3f0 a1=80100 a2=7ffc9c561c9b a3=73 items=0 ppid=20174 pid=20175 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache" exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387714.588:1116): proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387714.588:1117): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2//phpsysinfo" name="/etc/apt/apt.conf.d/60apper" pid=20175 comm="apt-cache" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387714.588:1117): arch=c000003e syscall=2 success=no exit=-13 a0=55d858e83130 a1=80100 a2=7ffc9c561c9b a3=73 items=0 ppid=20174 pid=20175 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache" exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387714.588:1117): proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387714.588:1118): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2//phpsysinfo" name="/etc/apt/apt.conf.d/60plasma-discover" pid=20175 comm="apt-cache" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387714.588:1118): arch=c000003e syscall=2 success=no exit=-13 a0=55d858e7ecf0 a1=80100 a2=7ffc9c561c9b a3=73 items=0 ppid=20174 pid=20175 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache" exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387714.588:1118): proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387714.588:1119): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2//phpsysinfo" name="/etc/apt/apt.conf.d/70debconf" pid=20175 comm="apt-cache" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387714.588:1119): arch=c000003e syscall=2 success=no exit=-13 a0=55d858e82010 a1=80100 a2=7ffc9c561c9b a3=73 items=0 ppid=20174 pid=20175 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache" exe="/usr/bin/apt-cache" key=(null)
type=AVC msg=audit(1509387714.588:1120): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2//phpsysinfo" name="/usr/share/dpkg/tupletable" pid=20175 comm="apt-cache" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387714.588:1120): arch=c000003e syscall=2 success=no exit=-13 a0=55d858e83110 a1=0 a2=1b6 a3=0 items=0 ppid=20174 pid=20175 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache" exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387714.588:1120): proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387970.588:1221): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2//phpsysinfo" name="/etc/apt/sources.list" pid=20662 comm="apt-cache" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387970.588:1221): arch=c000003e syscall=2 success=no exit=-13 a0=559251e86810 a1=80100 a2=ffffffff a3=32 items=0 ppid=20661 pid=20662 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache" exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387970.588:1221): proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387970.588:1222): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2//phpsysinfo" name="/etc/apt/sources.list.d/" pid=20662 comm="apt-cache" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387970.588:1222): arch=c000003e syscall=2 success=no exit=-13 a0=559251e93fc0 a1=90800 a2=7f5c7472eb58 a3=0 items=0 ppid=20661 pid=20662 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache" exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387970.588:1222): proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387970.588:1223): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2//phpsysinfo" name="/var/cache/apt/pkgcache.bin" pid=20662 comm="apt-cache" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387970.588:1223): arch=c000003e syscall=2 success=no exit=-13 a0=559251e7efa0 a1=0 a2=1b6 a3=0 items=0 ppid=20661 pid=20662 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache" exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387970.588:1223): proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387970.588:1224): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2//phpsysinfo" name="/var/cache/apt/srcpkgcache.bin" pid=20662 comm="apt-cache" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387970.588:1224): arch=c000003e syscall=2 success=no exit=-13 a0=559251e7efa0 a1=0 a2=1b6 a3=0 items=0 ppid=20661 pid=20662 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache" exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387970.588:1224): proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387970.588:1225): apparmor="DENIED" operation="exec" profile="/usr/sbin/apache2//phpsysinfo" name="/usr/bin/dpkg" pid=20663 comm="apt-cache" requested_mask="x" denied_mask="x" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387970.588:1225): arch=c000003e syscall=59 success=no exit=-13 a0=559251e83a90 a1=559251e83960 a2=7ffcc3fc9cb0 a3=2 items=0 ppid=20662 pid=20663 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache" exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387970.588:1225): proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387970.592:1226): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2//phpsysinfo" name="/var/lib/apt/lists/" pid=20662 comm="apt-cache" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387970.592:1226): arch=c000003e syscall=2 success=no exit=-13 a0=559251e83490 a1=90800 a2=13 a3=32 items=0 ppid=20661 pid=20662 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache" exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387970.592:1226): proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509387970.624:1228): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2//phpsysinfo" name="/etc/apt/preferences.d/" pid=20662 comm="apt-cache" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509387970.624:1228): arch=c000003e syscall=2 success=no exit=-13 a0=559251e97260 a1=90800 a2=7f5c7472eb58 a3=0 items=0 ppid=20661 pid=20662 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache" exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509387970.624:1228): proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509388530.019:1358): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2//phpsysinfo" name="/etc/dpkg/dpkg.cfg.d/" pid=21282 comm="dpkg" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509388530.019:1358): arch=c000003e syscall=2 success=no exit=-13 a0=558cb85ef650 a1=90800 a2=558cb8149c70 a3=73 items=0 ppid=21281 pid=21282 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="dpkg" exe="/usr/bin/dpkg" key=(null)
type=PROCTITLE msg=audit(1509388530.019:1358): proctitle=2F7573722F62696E2F64706B67002D2D7072696E742D666F726569676E2D61726368697465637475726573
type=AVC msg=audit(1509388530.019:1359): apparmor="DENIED" operation="mknod" profile="/usr/sbin/apache2//phpsysinfo" name="/tmp/fileutl.message.AWZFtl" pid=21281 comm="apt-cache" requested_mask="c" denied_mask="c" fsuid=33 ouid=33
type=SYSCALL msg=audit(1509388530.019:1359): arch=c000003e syscall=2 success=no exit=-13 a0=559c1bfd3060 a1=c2 a2=180 a3=7ffe1ae847d0 items=0 ppid=21280 pid=21281 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache" exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509388530.019:1359): proctitle=6170742D636163686500706F6C696379
type=AVC msg=audit(1509388717.687:1405): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2//phpsysinfo" name="/etc/dpkg/dpkg.cfg.d/pkg-config-hook-config" pid=21673 comm="dpkg" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509388717.687:1405): arch=c000003e syscall=2 success=no exit=-13 a0=5559401556e0 a1=0 a2=1b6 a3=0 items=0 ppid=21672 pid=21673 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="dpkg" exe="/usr/bin/dpkg" key=(null)
type=PROCTITLE msg=audit(1509388717.687:1405): proctitle=2F7573722F62696E2F64706B67002D2D7072696E742D666F726569676E2D61726368697465637475726573
type=AVC msg=audit(1509388717.687:1406): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2//phpsysinfo" name="/etc/dpkg/dpkg.cfg" pid=21673 comm="dpkg" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509388717.687:1406): arch=c000003e syscall=2 success=no exit=-13 a0=555940155650 a1=0 a2=1b6 a3=0 items=0 ppid=21672 pid=21673 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="dpkg" exe="/usr/bin/dpkg" key=(null)
type=PROCTITLE msg=audit(1509388717.687:1406): proctitle=2F7573722F62696E2F64706B67002D2D7072696E742D666F726569676E2D61726368697465637475726573
type=AVC msg=audit(1509388717.687:1407): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2//phpsysinfo" name="/var/lib/apt/lists/ftp.lt.debian.org_debian_dists_sid_InRelease" pid=21672 comm="apt-cache" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
type=SYSCALL msg=audit(1509388717.687:1407): arch=c000003e syscall=2 success=no exit=-13 a0=55d03aa41fc0 a1=0 a2=1b6 a3=0 items=0 ppid=21671 pid=21672 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apt-cache" exe="/usr/bin/apt-cache" key=(null)
type=PROCTITLE msg=audit(1509388717.687:1407): proctitle=6170742D636163686500706F6C696379
I notice lots of rules added for lsb_release. We had to add a bunch of similar ones to usr.bin.thunderbird recently, which was done with a named lsb_release child profile. This seems to be a nicer approach to me: whatever lsb_release needs is self-contained instead of being mixed with everything else Thunderbird/
What do you think?