`aa-log` skips `/dev/urandom` #534

beroal · 2024-09-29T14:17:33Z

Log:

type=AVC msg=audit(1727368762.260:21147): apparmor="DENIED" operation="file_inherit" class="file" profile="briar-desktop" name="/dev/pts/0" pid=88450 comm="briar-desktop" requested_mask="wr" denied_mask="wr" fsuid=1001 ouid=1001�FSUID="user" OUID="user"
type=AVC msg=audit(1727368762.267:21148): apparmor="DENIED" operation="open" class="file" profile="briar-desktop" name="/proc/88450/mountinfo" pid=88450 comm="java" requested_mask="r" denied_mask="r" fsuid=1001 ouid=1001�FSUID="user" OUID="user"
type=AVC msg=audit(1727368762.267:21149): apparmor="DENIED" operation="mkdir" class="file" profile="briar-desktop" name="/tmp/hsperfdata_user/" pid=88450 comm="java" requested_mask="c" denied_mask="c" fsuid=1001 ouid=1001�FSUID="user" OUID="user"
type=AVC msg=audit(1727368762.784:21150): apparmor="DENIED" operation="open" class="file" profile="briar-desktop" name="/dev/urandom" pid=88450 comm="java" requested_mask="wc" denied_mask="wc" fsuid=1001 ouid=0�FSUID="user" OUID="root"
type=AVC msg=audit(1727368763.354:21151): apparmor="DENIED" operation="mkdir" class="file" profile="briar-desktop" name="/home/user/.skiko/51ffc79b686a0ae634dad1219048c160a5dd93b510dbe0d0f1e8b363423bd05a/" pid=88450 comm="AWT-EventQueue-" requested_mask="c" denied_mask="c" fsuid=1001 ouid=1001�FSUID="user" OUID="user"
type=AVC msg=audit(1727368763.354:21152): apparmor="DENIED" operation="mkdir" class="file" profile="briar-desktop" name="/home/user/.skiko/51ffc79b686a0ae634dad1219048c160a5dd93b510dbe0d0f1e8b363423bd05a/" pid=88450 comm="AWT-EventQueue-" requested_mask="c" denied_mask="c" fsuid=1001 ouid=1001�FSUID="user" OUID="user"

aa-log -R prints:

apparmor="DENIED" operation="file_inherit" class="file" profile="briar-desktop" name="/dev/pts/0"  comm="briar-desktop" requested_mask="wr" denied_mask="wr" fsuid=1001 ouid=1001 FSUID="user" OUID="user"
apparmor="DENIED" operation="open" class="file" profile="briar-desktop" name="/proc/88450/mountinfo"  comm="java" requested_mask="r" denied_mask="r" fsuid=1001 ouid=1001 FSUID="user" OUID="user"
apparmor="DENIED" operation="mkdir" class="file" profile="briar-desktop" name="/tmp/hsperfdata_user/"  comm="java" requested_mask="c" denied_mask="c" fsuid=1001 ouid=1001 FSUID="user" OUID="user"
apparmor="DENIED" operation="mkdir" class="file" profile="briar-desktop" name="/home/user/.skiko/51ffc79b686a0ae634dad1219048c160a5dd93b510dbe0d0f1e8b363423bd05a/"  comm="AWT-EventQueue-" requested_mask="c" denied_mask="c" fsuid=1001 ouid=1001 FSUID="user" OUID="user"

The text was updated successfully, but these errors were encountered:

roddhjav · 2024-10-01T18:15:29Z

Hum, it is a feature because /dev/urandom r, is in the base abstraction. However, /dev/urandom rw, is not...

beroal · 2024-10-02T08:08:29Z

Hum, it is a feature because /dev/urandom r, is in the base abstraction. However, /dev/urandom rw, is not...

Do you need to filter it? The base abstraction is included in every profile. Thus /dev/urandom r, shouldn't appear in the log.

roddhjav · 2024-10-02T11:35:23Z

Yes, it is needed when in complain mode apparmor transition to a temporary profile (foo//usr/bin/bash)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

`aa-log` skips `/dev/urandom` #534

`aa-log` skips `/dev/urandom` #534

beroal commented Sep 29, 2024

roddhjav commented Oct 1, 2024

beroal commented Oct 2, 2024

roddhjav commented Oct 2, 2024

aa-log skips /dev/urandom #534

aa-log skips /dev/urandom #534

Comments

beroal commented Sep 29, 2024

roddhjav commented Oct 1, 2024

beroal commented Oct 2, 2024

roddhjav commented Oct 2, 2024

`aa-log` skips `/dev/urandom` #534

`aa-log` skips `/dev/urandom` #534