[apparmor] permission denied for aa_is_enabled()

Jeroen Ooms jeroen.ooms at stat.ucla.edu
Wed Oct 17 19:20:11 UTC 2012


I am using the following profile to confine R:
https://github.com/jeroenooms/RAppArmor/blob/master/inst/profiles/debian/usr.bin.r.

I would like to be able to test if a current process is being
enforced. However, the usr.bin.r profile is being enforced, and when I
try to call aa_is_enabled() or aa_find_mountpoint, I get permission
denied errors.

Oct 17 12:19:12 jeroen-ubuntu kernel: [425423.513585] type=1400
audit(1350501552.825:359): apparmor="DENIED" operation="open"
parent=30726 profile="/usr/bin/R" name="/dev/tty" pid=950 comm="R"
requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=0
Oct 17 12:19:12 jeroen-ubuntu kernel: [425423.513688] type=1400
audit(1350501552.825:360): apparmor="DENIED" operation="open"
parent=30726 profile="/usr/bin/R" name="/dev/pts/1" pid=950 comm="R"
requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=1000
Oct 17 12:19:12 jeroen-ubuntu kernel: [425423.607746] type=1400
audit(1350501552.921:361): apparmor="DENIED" operation="open"
parent=30726 profile="/usr/bin/R" name="/home/jeroen/.Rprofile"
pid=950 comm="R" requested_mask="r" denied_mask="r" fsuid=1000
ouid=1000
Oct 17 12:19:12 jeroen-ubuntu kernel: [425423.607758] type=1400
audit(1350501552.921:362): apparmor="DENIED" operation="open"
parent=30726 profile="/usr/bin/R" name="/home/jeroen/.Rprofile"
pid=950 comm="R" requested_mask="r" denied_mask="r" fsuid=1000
ouid=1000
Oct 17 12:19:13 jeroen-ubuntu kernel: [425423.767979] type=1400
audit(1350501553.081:363): apparmor="DENIED" operation="open"
parent=30726 profile="/usr/bin/R" name="/etc/inputrc" pid=950 comm="R"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

What should be added to the profile in order for the process to be
able to look up its own confinement status?
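
When triaging a log like the one quoted above, it helps to collapse the wrapped audit records into one entry per denied path. The following is an added example, not part of the original post or of RAppArmor; the function name parse_denials is hypothetical, and the sample input is three records copied from the post.

```python
import re

# Three records copied from the post above, still hard-wrapped by the mail client.
SAMPLE = """\
Oct 17 12:19:12 jeroen-ubuntu kernel: [425423.513585] type=1400
audit(1350501552.825:359): apparmor="DENIED" operation="open"
parent=30726 profile="/usr/bin/R" name="/dev/tty" pid=950 comm="R"
requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=0
Oct 17 12:19:12 jeroen-ubuntu kernel: [425423.607746] type=1400
audit(1350501552.921:361): apparmor="DENIED" operation="open"
parent=30726 profile="/usr/bin/R" name="/home/jeroen/.Rprofile"
pid=950 comm="R" requested_mask="r" denied_mask="r" fsuid=1000
ouid=1000
Oct 17 12:19:12 jeroen-ubuntu kernel: [425423.607758] type=1400
audit(1350501552.921:362): apparmor="DENIED" operation="open"
parent=30726 profile="/usr/bin/R" name="/home/jeroen/.Rprofile"
pid=950 comm="R" requested_mask="r" denied_mask="r" fsuid=1000
ouid=1000
"""

# key="quoted value" or key=bare_value
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_denials(text):
    """Return [(profile, path, merged_denied_mask)] in first-seen order."""
    flat = " ".join(text.split())  # undo the mail client's line wrapping
    merged = {}
    # Each record starts at "audit(<timestamp>"; text before the first is syslog prefix.
    for chunk in re.split(r"(?=audit\(\d)", flat)[1:]:
        fields = {}
        for key, quoted, bare in PAIR.findall(chunk):
            value = bare if bare else quoted
            if key == "name" and bare:
                # Audit hex-encodes unquoted names (e.g. paths containing spaces).
                try:
                    value = bytes.fromhex(bare).decode("utf-8", "replace")
                except ValueError:
                    pass
            fields.setdefault(key, value)
        if fields.get("apparmor") != "DENIED":
            continue
        target = (fields.get("profile"), fields.get("name"))
        merged.setdefault(target, set()).update(fields.get("denied_mask", ""))
    return [(p, n, "".join(sorted(m))) for (p, n), m in merged.items()]

if __name__ == "__main__":
    for profile, path, mask in parse_denials(SAMPLE):
        print(f"{profile}: {path} ({mask})")
```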


