[Apparmor-general] aa-genprof: UNHANDLED
Andreas Hasenack
andreas at mandriva.com.br
Tue Jun 19 11:32:21 MDT 2007
On Sat, Jun 16, 2007 at 10:56:02AM -0300, Andreas Hasenack wrote:
> On Friday 15 June 2007 19:11:06 Seth Arnold wrote:
> > On Fri, Jun 15, 2007 at 04:45:16PM -0300, Andreas Hasenack wrote:
> > > I'm trying aa-genprof on /sbin/rpcbind (portmapper substitute) but get
> > > nothing out of it. When enabling debug, I see that all events are
> > > tagged as UNHANDLED:
> > >
> > > (...)
> > > UI_Info: text: Reading log entries from /var/log/messages.
> > > UI_Info: text: Updating AppArmor profiles in /etc/apparmor.d.
> > > UNHANDLED: Jun 15 16:40:53 pandora kernel: audit(1181936453.840:61):
> > > PERMITTING w access to /var/run/rpcbind.lock (15782 profile
> > > /sbin/rpcbind active /sbin/rpcbind)
> >
> > Andreas, try adding --with-apparmor to the audit ./configure command.
>
> Hmm, I'm not using audit, so I guess that must be it :)
>
I built audit (1.5.3), as well as updated all apparmor packages to svn from a
few days ago. Still getting unhandled:
UI_Info: text: Reading log entries from /var/log/audit/audit.log.
UI_Info: text: Updating AppArmor profiles in /etc/apparmor.d.
UNHANDLED: type=APPARMOR msg=audit(1182274085.348:79): PERMITTING r access to /proc/net/raw (20993 profile /bin/netstat active /bin/netstat)
UNHANDLED: type=APPARMOR msg=audit(1182274126.850:80): PERMITTING m access to /usr/share/locale/pt_BR.UTF-8/LC_IDENTIFICATION (20998 profile /bin/netstat active /bin/netstat)
(....)
So the problem is what Jesse Michael mentioned elsewhere in this thread?
More information about the Apparmor-general
mailing list