[Apparmor-general] problem with profiling sshd under OpenSuSE 10.2

ps ps at icpnet.pl
Sat Feb 3 15:18:02 MST 2007


Hello
I have recently spent a few days playing with AppArmor on my OpenSuSE 10.2
box. I wanted to create an AppArmor profile for my ssh server. I transferred
the usr.sbin.sshd file which is shipped with OpenSuSE 10.2 to /etc/apparmor.d.
I reloaded AppArmor (command: rcapparmor restart) and started the ssh server.
It seemed OK, but when I tried to log in I saw some log trails in
/var/log/audid/audit.log:

type=APPARMOR msg=audit(1170534772.421:7743): REJECTING access to
capability 'invalid-capability' (sshd(18736) profile /usr/sbin/sshd
active /usr/sbin/sshd)


and in /var/log/messages:

Feb  3 21:32:52 pacer sshd[18733]: Accepted keyboard-interactive/pam for
piter from 127.0.0.1 port 57565 ssh2
Feb  3 21:32:52 pacer sshd[18736]: pam_loginuid(sshd:session):
set_loginuid failed
Feb  3 21:32:52 pacer sshd[18736]: error: PAM: pam_open_session():
Cannot make/remove an entry for the specified session


I have a typical PAM configuration on my Linux box; I haven't changed anything
since the first installation. I guess these strange log trails weren't caused by me.

Can anyone explain to me what is wrong with this standard profile shipped
with OpenSuSE 10.2, or is there a bug in the AppArmor implementation in the
newest OpenSuSE? ;)

Thanks for any answer and explanation:)

Peter
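
An added example, not part of the original post: a small Python script that parses the AppArmor REJECTING record in the format quoted above and pairs it with syslog lines from the same process, showing that the denied capability and the pam_loginuid failure both come from sshd PID 18736. The function names and regular expressions are illustrative assumptions; the log lines are the ones from the post, re-joined where the e-mail wrapped them.

```python
import re
from collections import defaultdict

# Log lines copied from the post above (re-joined where the e-mail wrapped them).
AUDIT_LOG = [
    "type=APPARMOR msg=audit(1170534772.421:7743): REJECTING access to "
    "capability 'invalid-capability' (sshd(18736) profile /usr/sbin/sshd "
    "active /usr/sbin/sshd)",
]
SYSLOG = [
    "Feb  3 21:32:52 pacer sshd[18733]: Accepted keyboard-interactive/pam for piter from 127.0.0.1 port 57565 ssh2",
    "Feb  3 21:32:52 pacer sshd[18736]: pam_loginuid(sshd:session): set_loginuid failed",
    "Feb  3 21:32:52 pacer sshd[18736]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session",
]

# Matches the capability-rejection record format shown in the post.
REJECT_RE = re.compile(
    r"type=APPARMOR msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): "
    r"REJECTING access to capability '(?P<cap>[^']+)' "
    r"\((?P<comm>[^()]+)\((?P<pid>\d+)\) profile (?P<profile>\S+) active (?P<active>\S+)\)"
)
# Matches a classic syslog line: "Mon DD HH:MM:SS host prog[pid]: message".
SYSLOG_RE = re.compile(
    r"^\w{3}\s+\d+ [\d:]+ \S+ (?P<comm>[^\[\s]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)

def parse_rejections(lines):
    """Return one dict per AppArmor capability rejection found in lines."""
    return [m.groupdict() for m in map(REJECT_RE.search, lines) if m]

def correlate(audit_lines, syslog_lines):
    """Attach syslog messages from the same program and PID to each rejection."""
    by_proc = defaultdict(list)
    for line in syslog_lines:
        m = SYSLOG_RE.match(line)
        if m:
            by_proc[(m["comm"], m["pid"])].append(m["msg"])
    return [dict(rej, syslog=by_proc.get((rej["comm"], rej["pid"]), []))
            for rej in parse_rejections(audit_lines)]

if __name__ == "__main__":
    for hit in correlate(AUDIT_LOG, SYSLOG):
        print(f"{hit['comm']}[{hit['pid']}] profile={hit['profile']} "
              f"denied capability {hit['cap']}")
        for msg in hit["syslog"]:
            print("   same PID in syslog:", msg)
```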


