[apparmor] [profile] transmission-gtk, the encrypted data and requested/denied 'rwc'.

Seth Arnold seth.arnold at canonical.com
Thu Jan 21 20:08:36 UTC 2016


Hello Daniel,

On Thu, Jan 21, 2016 at 12:57:31PM +0100, daniel curtis wrote:
> 1/ DENIED entries for 'random/uuid' even with a rule in the profile.

The 'owner' modifier on this rule is preventing the read. The DENIED line
on my system for this error shows:

type=AVC msg=audit(1453406645.169:8252): apparmor="DENIED"
operation="open" profile="/tmp/bash" name="/proc/sys/kernel/random/uuid"
pid=8778 comm="cat" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

Note that the 'fsuid' and 'ouid' are different -- the ouid shows the
object is owned by uid 0, the fsuid shows that my process is running as
user 1000.

> 2/ access to the encrypted ~/Private directory (should it be allowed?) and
> 'k' access mode etc.

You do need to grant privileges to your ~/Private directory and all its
children. It's unfortunate but that's the way it works.

You may or may not need 'k' mode. I mentioned it only because it seemed
likely to me that transmission would use it. :) If it doesn't request it
you don't need to give it.

Thanks
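
An added example, not part of the original message: a small Python triage helper for the fsuid/ouid comparison described above, which flags DENIED file records that a rule carrying the 'owner' modifier cannot match. The function names and the second sample record are assumptions constructed for illustration; the first record is the one quoted in the message, joined onto one line.

```python
import re

# key=value or key="value" pairs, as found in AppArmor audit records
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# The record quoted in the message above, joined back onto one line.
PAGE_LINE = ('type=AVC msg=audit(1453406645.169:8252): apparmor="DENIED" '
             'operation="open" profile="/tmp/bash" '
             'name="/proc/sys/kernel/random/uuid" pid=8778 comm="cat" '
             'requested_mask="r" denied_mask="r" fsuid=1000 ouid=0')

# Constructed sample (not from the page): a denial where the uids match.
CONSTRUCTED_LINE = ('type=AVC msg=audit(1453400000.000:1): apparmor="DENIED" '
                    'operation="open" profile="/usr/bin/transmission-gtk" '
                    'name="/home/user/Private/sample.part" pid=4242 '
                    'comm="transmission-gt" requested_mask="rwc" '
                    'denied_mask="rwc" fsuid=1000 ouid=1000')


def parse_denial(line):
    """Return the fields of a file-access DENIED record as a dict, else None."""
    fields = {key: quoted or bare for key, quoted, bare in FIELD_RE.findall(line)}
    if fields.get("apparmor") != "DENIED":
        return None
    if not {"name", "denied_mask"} <= fields.keys():
        return None  # not a file-access record (e.g. a capability denial)
    return fields


def owner_mismatch(fields):
    """True when fsuid and ouid differ, so an 'owner' rule cannot match."""
    if "fsuid" not in fields or "ouid" not in fields:
        return False  # no ownership data in this record
    return fields["fsuid"] != fields["ouid"]


def explain(line):
    """One-line triage note for a DENIED file record, or None for other lines."""
    fields = parse_denial(line)
    if fields is None:
        return None
    if owner_mismatch(fields):
        return ("{name}: fsuid={fsuid} ouid={ouid} differ; a rule with the "
                "'owner' modifier does not cover this '{denied_mask}' "
                "access".format(**fields))
    return ("{name}: ownership is not the cause; compare the path and "
            "'{denied_mask}' with the profile rules".format(**fields))


if __name__ == "__main__":
    for sample in (PAGE_LINE, CONSTRUCTED_LINE):
        print(explain(sample))
```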