[Apparmor-general] aa-genprof: UNHANDLED
jesse michael
jmichael at suse.de
Fri Jun 15 16:24:13 MDT 2007
On Fri, Jun 15, 2007 at 04:45:16PM -0300, Andreas Hasenack wrote:
> I'm trying aa-genprof on /sbin/rpcbind (portmapper substitute) but get
> nothing out of it. When enabling debug, I see that all events are
> tagged as UNHANDLED:
>
> (...)
> UI_Info: text: Reading log entries from /var/log/messages.
> UI_Info: text: Updating AppArmor profiles in /etc/apparmor.d.
> UNHANDLED: Jun 15 16:40:53 pandora kernel: audit(1181936453.840:61): PERMITTING w access to /var/run/rpcbind.lock (15782 profile /sbin/rpcbind active /sbin/rpcbind)
> UNHANDLED: Jun 15 16:40:53 pandora kernel: audit(1181936453.840:62): PERMITTING r access to /etc/netconfig (15782 profile /sbin/rpcbind active /sbin/rpcbind)
> UNHANDLED: Jun 15 16:40:53 pandora kernel: audit(1181936453.840:63): PERMITTING r access to /etc/netconfig (15782 profile /sbin/rpcbind active /sbin/rpcbind)
> UNHANDLED: Jun 15 16:40:53 pandora kernel: audit(1181936453.840:64): PERMITTING w access to /var/run/rpcbind.sock (15782 profile /sbin/rpcbind active /sbin/rpcbind)
> (...)
>
> Is it some string pattern mismatch?
Yeah, sorry, we recently removed task->comm from the messages that are output because there wasn't a safe way to get that in some cases, but it seems that
the user tools weren't updated to deal with that. I'll get it fixed, thanks.
More information about the Apparmor-general
mailing list