Your message dated Thu, 01 May 2025 14:19:56 +0200 (CEST)
with message-id <20250501121956.e6e04be2...@eldamar.lan>
and subject line Closing this bug (BTS maintenance for src:linux bugs)
has caused the Debian Bug report #872726,
regarding linux: apparmor doesn't use proper audit event ids
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
872726: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872726
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: linux
Version: 4.12.6-1
Severity: normal
Hi,
Currently the code in the kernel is not using the expected audit event
ids (it's using the one allocated to SELinux, 1400 to 1499) when it's
logging its messages (denials,...).
This has been discussed on the linux-audit back to 2014 and again in
2016, but it seems that nothing has moved. This makes auseach and other
audit tools not list these messages as they are seen as invalids.
Upstream of the audit framework insists that AppArmor should use
events ids from the range that has been allocated to them (1500-1599).
AFAIKS, the apparmor userspace is already supporting messaging from both
ranges (would be nice if this was confirmed).
IMVHO, in regard to the recent proposal of enabling apparmor in debian
by default, this needs to be addressed first.
Regards,
Laurent Bigonville
-- System Information:
Debian Release: buster/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1,
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.12.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8),
LANGUAGE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
Hi
This bug was filed for a (very) old kernel or the bug is old itself
without resolution. Maybe it was for a feature enablement which nobody
acted on. We are sorry we were not able to timely deal with this issue.
There are many open bugs for the src:linux package and thus we are
closing older bugs where it's unclear if they still occur in newer
versions and are still relevant to the reporter. For an overview see:
https://bugs.debian.org/src:linux .
If you can reproduce your issue with
- the current version in unstable/testing
- the latest kernel from backports
or, if it was a feature addition/wishlist and still consider it
relevant, then:
Please reopen the bug, see https://www.debian.org/Bugs/server-control
for details.
Please try to provide as much fresh details including kernel logs where
relevant. In particular were an issue is coupled with specific hardware we
might ask you to do additional debugging on your side as the owner of the
hardware.
Regards,
Salvatore
--- End Message ---
