[apparmor] [profile] lightdm-guest-session: "DENIED"; "mount" and "open" operation, gvfs-fuse-daemo and "/proc/*/net/arp" issue.
daniel curtis
sidetripping at gmail.com
Thu Feb 9 16:44:53 UTC 2017
Hi
I've noticed that after logging in as a guest and performing some typical
operations, such as web browsing with the newest Firefox 51.0.1 release etc.,
system log files - for example '/var/log/kern.log' and '/var/log/syslog' -
contain "DENIED" entries. Here they are:
* /var/log/kern.log file:
Feb 9 16:00:18 t4 kernel: [ 169.266894] type=1400
audit(1486652418.489:50): apparmor="DENIED" operation="mount" parent=1
profile="/usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper"
name="/tmp/guest-jETKy5/.gvfs/" pid=3025 comm="gvfs-fuse-daemo"
fstype="fuse.gvfs-fuse-daemon" srcname="gvfs-fuse-daemon" flags="rw,
nosuid, nodev"
Feb 9 16:00:57 t4 kernel: [ 208.438997] type=1400
audit(1486652457.661:51): apparmor="DENIED" operation="open" parent=2998
profile="/usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper"
name="/proc/3171/net/arp" pid=3120 comm=4C696E6B204D6F6E69746F72
requested_mask="r" denied_mask="r" fsuid=114 ouid=0
As for the '/var/log/syslog' file: it contains the same information.
Honestly, I do not know if this is the first time, because I did not pay
any attention to this etc. Anyway, it happened on the 12.04 LTS release
with a default "lightdm-guest-session" profile enforced.
As we can see, there is an entry about "/proc/*/net/arp". A couple of months
ago, I had a similar issue where Firefox was also "DENIED" along with
"/proc/*/net/arp". I'm writing about this because, as a guest, Firefox was
used etc. More information:
https://lists.ubuntu.com/archives/apparmor/2016-November/010208.html
What is your opinion on this one? Are there some changes needed in the
"lightdm-guest-session" profile? If yes, which ones? To be honest, I'm
seeing such an entry for the first time - I mean, for example, flags="*" and
"fsuid=114" (is it related to the 'netdev' group?)
Best regards.
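
Added example (not part of the original message and not AppArmor's own tooling): a small Python parser for the two denials quoted above. It decodes the unquoted, hex-encoded comm value and groups denials by a normalised path. The function names and the /tmp/guest-* normalisation are assumptions made for this illustration.

```python
import re
from collections import Counter

# Constructed input: the two denials from the message, e-mail wrapping undone.
PROFILE = "/usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper"
SAMPLE = [
    'Feb 9 16:00:18 t4 kernel: [ 169.266894] type=1400 '
    'audit(1486652418.489:50): apparmor="DENIED" operation="mount" parent=1 '
    f'profile="{PROFILE}" name="/tmp/guest-jETKy5/.gvfs/" pid=3025 '
    'comm="gvfs-fuse-daemo" fstype="fuse.gvfs-fuse-daemon" '
    'srcname="gvfs-fuse-daemon" flags="rw, nosuid, nodev"',
    'Feb 9 16:00:57 t4 kernel: [ 208.438997] type=1400 '
    'audit(1486652457.661:51): apparmor="DENIED" operation="open" parent=2998 '
    f'profile="{PROFILE}" name="/proc/3171/net/arp" pid=3120 '
    'comm=4C696E6B204D6F6E69746F72 requested_mask="r" denied_mask="r" '
    'fsuid=114 ouid=0',
]

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="quoted" or key=bare
# String fields that the audit subsystem writes as unquoted hex when the
# value contains a space, a quote or a non-printable byte.
STRING_FIELDS = {"comm", "name", "profile", "srcname", "info"}
HEX = re.compile(r"(?:[0-9A-Fa-f]{2})+")

def parse_denial(line):
    """Return the fields of one AppArmor DENIED record as a dict, or None."""
    if 'apparmor="DENIED"' not in line:
        return None
    rec = {}
    for key, quoted, bare in FIELD.findall(line):
        value = bare if bare else quoted
        if bare and key in STRING_FIELDS and HEX.fullmatch(bare):
            value = bytes.fromhex(bare).decode("utf-8", "replace")
        rec[key] = value  # numeric fields such as fsuid/ouid (UIDs) stay strings
    return rec

def normalise(path):
    """Collapse per-process and per-session parts so repeats group together."""
    path = re.sub(r"^/proc/\d+/", "/proc/*/", path)
    return re.sub(r"^/tmp/guest-[^/]+/", "/tmp/guest-*/", path)  # assumed layout

def summarise(lines):
    """Count denials by (operation, normalised name, decoded comm)."""
    counts = Counter()
    for rec in filter(None, map(parse_denial, lines)):
        key = (rec["operation"], normalise(rec.get("name", "")), rec.get("comm", ""))
        counts[key] += 1
    return counts
```
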