AppArmor does not log anything in complain context


Post by asteriskUser » 2017-04-18 08:56

Hi All,

I might need your help with one issue I've encountered. I'm running Debian with the 4.9.20 kernel.

I've compiled the kernel with the options for AppArmor enabled. The installed AppArmor version is 2.10.95 (auditd is also installed, in version 1:2.4-1+b1).

## Kernel Options ##
CONFIG_SECURITY=y
CONFIG_SECURITYFS=y
CONFIG_SECURITY_APPARMOR=y
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
CONFIG_DEFAULT_SECURITY_APPARMOR=y
CONFIG_DEFAULT_SECURITY="apparmor"
CONFIG_SECCOMP=y
CONFIG_SECCOMP_FILTER=y
CONFIG_AUDIT=y
## ##

AppArmor itself is working without any issues. If a profile is set to enforce mode, then any operation that is not allowed is blocked and logged accordingly.

The problem I'm facing now is that AppArmor is not logging anything in complain mode, which makes it very difficult to create a new profile for applications. The strange thing is that all actions get logged in enforce mode perfectly, e.g.:

Apr 17 14:21:56 localhost kernel: [ 2913.082774] audit: type=1400 audit(1492435316.208:54): apparmor="DENIED" operation="open" profile="/usr/sbin/nginx" name="/etc/nginx/nginx.conf" pid=4260 comm="nginx" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

Does anyone have a clue what's wrong?

I'd be grateful for any hints. :)

Kind regards,
Viktor
asteriskUser
 
Posts: 2
Joined: 2017-04-18 08:53
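Added example, not part of the original post: a small parser for AppArmor audit records of the kind quoted above, which counts verdicts per profile so you can see whether any complain-mode records (the kernel logs these with apparmor="ALLOWED") reach the log at all. The function names are hypothetical, and every sample line except the nginx one from the post is constructed.

```python
import re
from collections import Counter, defaultdict

# Matches key="value" or key=value pairs in the body of an audit record.
_PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_record(line):
    """Return the fields of an AppArmor (type=1400) record, or None."""
    if "type=1400" not in line or "apparmor=" not in line:
        return None
    body = line.partition("type=1400")[2]
    return {key: quoted or bare for key, quoted, bare in _PAIR.findall(body)}

def verdicts_by_profile(lines):
    """Count ALLOWED (complain mode) and DENIED (enforce mode) per profile."""
    summary = defaultdict(Counter)
    for line in lines:
        rec = parse_record(line)
        if rec and rec.get("apparmor") in ("ALLOWED", "DENIED") and "profile" in rec:
            summary[rec["profile"]][rec["apparmor"]] += 1
    return summary

def profiles_without_complain_events(lines):
    """Profiles that produced records but never a complain-mode ALLOWED one."""
    return sorted(p for p, c in verdicts_by_profile(lines).items() if c["ALLOWED"] == 0)

# First line is the record quoted in the post; the other two are constructed.
SAMPLE = [
    'Apr 17 14:21:56 localhost kernel: [ 2913.082774] audit: type=1400 '
    'audit(1492435316.208:54): apparmor="DENIED" operation="open" '
    'profile="/usr/sbin/nginx" name="/etc/nginx/nginx.conf" pid=4260 '
    'comm="nginx" requested_mask="r" denied_mask="r" fsuid=0 ouid=0',
    'Apr 17 14:25:01 localhost kernel: [ 3098.100000] audit: type=1400 '
    'audit(1492435501.000:60): apparmor="ALLOWED" operation="open" '
    'profile="/usr/sbin/example" name="/etc/example.conf" pid=4300 '
    'comm="example" requested_mask="r" denied_mask="r" fsuid=0 ouid=0',
    'Apr 17 14:26:10 localhost sshd[4321]: Server listening on 0.0.0.0 port 22.',
]

if __name__ == "__main__":
    for profile, counts in verdicts_by_profile(SAMPLE).items():
        print(profile, dict(counts))
    print("no complain-mode records:", profiles_without_complain_events(SAMPLE))
```

Fed the lines of the kernel log or audit log, a profile that is in complain mode but shows up in `profiles_without_complain_events` (or not at all) confirms that its ALLOWED records are not being written.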

Re: AppArmor does not log anything in complain context

Post by arochester » 2017-04-18 09:16

I see that you have posted on the Armbian Forum.

Armbian might be "based" on Debian. That is almost meaningless.

130 distros are "based" on Debian. Nearly 2/3 of all Linux distros are "based" on Debian.
Things get added, things get taken away and things get changed. We cannot know all of the variations.

This is the Debian User Forum for people who use...Debian. Not derivatives.
"Something to be aware of: Debian is a core or source distribution. This means there are many Debian-based distributions. THEY ARE NOT DEBIAN."
arochester
 
Posts: 1091
Joined: 2010-12-07 19:55

Re: AppArmor does not log anything in complain context

Post by asteriskUser » 2017-04-18 09:25

Hi arochester,

thank you for your reply.

To me it looks more like a configuration issue of AppArmor itself, rather than a compilation issue of Armbian, as the main functionality is present.

I'm hoping that someone might have had the same issue or is more experienced to point the finger at it.

I'd like to keep this topic open for a few days and then close it if there wasn't a response.

Thanks,
Viktor
asteriskUser
 
Posts: 2
Joined: 2017-04-18 08:53

