[Bug 2052493] [NEW] apparmor profile does not allow for rotating savefiles using the -C and -W options

[Launchpad Bug Tracker]

You have been subscribed to a public bug by Georgia Garcia (georgiag):


[ Impact ] 

AppArmor was denying the creation of .pcap files ending in digits which
is required by the -W parameter of tcpdump. This issue had already been
fixed upstream
https://salsa.debian.org/rfrancoise/tcpdump/-/commit/7dcc3736cd19f2ae7ee45b7835646ab50437980a
and currently only affect focal and jammy.

I also added the permission for reading and writing of .cap and .pcapng
files which were already allowed upstream as well.

[ Test Plan ]

mkdir /test
chmod 777 /test
tcpdump -Z root -ni any -s 0 -w /test/pcap.pcap -C 500 -W 500 host 1.1.1.1

Result:
tcpdump: /test/pcap.pcap000: Permission denied

Expected result:
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes

The cause is the apparmor profile: /etc/apparmor.d/usr.sbin.tcpdump
  # for -r, -F and -w
  /**.[pP][cC][aA][pP] rw,

[ Where problems could occur ]

The risk of allowing read and write to .pcap+digits is very minor
considering that reading and writing to .pcap is already allowed by
policy. Additionally, these rules are a requirement for the application
to work properly.

[ Other Info ]
 
Upstream commits:
https://salsa.debian.org/rfrancoise/tcpdump/-/commit/8763a4461751b2bf746d5f0ce7be253c44b6ac7f
https://salsa.debian.org/rfrancoise/tcpdump/-/commit/7dcc3736cd19f2ae7ee45b7835646ab50437980a
https://salsa.debian.org/rfrancoise/tcpdump/-/commit/c58462999b5e66a4564ec81062b049c45933bc8b

** Affects: tcpdump (Ubuntu)
     Importance: Undecided
         Status: New

-- 
apparmor profile does not allow for rotating savefiles using the -C and -W options
https://bugs.launchpad.net/bugs/2052493
You received this bug notification because you are a member of Ubuntu Sponsors, which is subscribed to the bug report.