Hi again,

Ritesh Raj Sarraf:
> On Tue, 2018-05-29 at 09:26 +0200, intrigeri wrote:

> I assumed that the following snippet in the default policy would mean
> the same.

>   /var/lib/apt-cacher-ng/** r,
>   /{,var/}run/apt-cacher-ng/* rw,
>   @{APT_CACHE_DIR}/ r,
>   @{APT_CACHE_DIR}/** rw,
>   /var/log/apt-cacher-ng/ r,
>   /var/log/apt-cacher-ng/* rw,
>   /{,var/}run/systemd/notify w,

I'm curious what made you think that: I see nothing about
/var/cache/apt in there. Note that APT_CACHE_DIR is set to
/var/cache/apt-cacher-ng; perhaps we should rename it to
APT_CACHER_NG_CACHE_DIR if that was the source of the confusion.

>> So I suggest you add to /etc/apparmor.d/local/usr.sbin.apt-cacher-ng
>> the following lines:
>> [...]
>> Please let us know if that's enough to fix the problem for you.

> Yes. Thanks. The `apt-cacher-ng` import feature works back now.

Great!

> But just that it floods the kernel message buffer.

> [ 1762.628138] audit: type=1702 audit(1527579582.902:3127): op=linkat ppid=1
> pid=13666 auid=4294967295 uid=128 gid=140 euid=128 suid=128 fsuid=128 egid=140
> sgid=140 fsgid=140 tty=(none) ses=4294967295 comm="apt-cacher-ng"
> exe="/usr/sbin/apt-cacher-ng" res=0
> [ 1762.628141] audit: type=1302 audit(1527579582.902:3128): item=0
> name="/var/cache/apt/archives/g++-7_7.3.0-19_amd64.deb" inode=2680468
> dev=fd:02
> mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000
> cap_fi=0000000000000000 cap_fe=0 cap_fver=0

These seem to be unrelated to AppArmor, see
include/uapi/linux/audit.h (src:linux):

  #define AUDIT_PATH              1302    /* Filename path information */
  #define AUDIT_ANOM_LINK         1702    /* Suspicious use of file links */

Please try to fully disable (aa-disable) AppArmor confinement for
apt-cacher-ng and then see if these messages still appear: if they do,
then we'll know for sure that AppArmor is not involved :)

Cheers,
-- 
intrigeri
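An added example, not part of the original message or of AppArmor itself: a simplified model of AppArmor path globbing that checks which of the rules quoted above cover a given path, such as the /var/cache/apt file named in the audit record. The function names are hypothetical; the variable value and the rules are taken from the message, and character classes and the real parser's edge cases are not modelled.

```python
import re

# Value of the profile variable as stated in the message.
VARIABLES = {"APT_CACHE_DIR": "/var/cache/apt-cacher-ng"}

# File rules quoted from the default policy in the message.
RULES = [
    ("/var/lib/apt-cacher-ng/**", "r"),
    ("/{,var/}run/apt-cacher-ng/*", "rw"),
    ("@{APT_CACHE_DIR}/", "r"),
    ("@{APT_CACHE_DIR}/**", "rw"),
    ("/var/log/apt-cacher-ng/", "r"),
    ("/var/log/apt-cacher-ng/*", "rw"),
    ("/{,var/}run/systemd/notify", "w"),
]


def glob_to_regex(glob, variables=VARIABLES):
    """Translate an AppArmor path glob into a regex (simplified model)."""
    for name, value in variables.items():
        glob = glob.replace("@{%s}" % name, value)  # expand @{VAR}
    out, i, depth = [], 0, 0
    while i < len(glob):
        c = glob[i]
        if glob.startswith("**", i):
            out.append(".*")       # ** crosses directory separators
            i += 1                 # consume the second '*'
        elif c == "*":
            out.append("[^/]*")    # * stays within one path component
        elif c == "?":
            out.append("[^/]")     # ? is one character, never '/'
        elif c == "{":
            out.append("(?:")      # {a,b} alternation, may contain an empty branch
            depth += 1
        elif c == "}" and depth:
            out.append(")")
            depth -= 1
        elif c == "," and depth:
            out.append("|")
        else:
            out.append(re.escape(c))
        i += 1
    return re.compile("".join(out))


def matching_rules(path, rules=RULES):
    """Return the (glob, permissions) rules whose glob covers the whole path."""
    return [(g, p) for g, p in rules if glob_to_regex(g).fullmatch(path)]
```

An empty result for a path means none of the quoted rules mention it, so access depends on rules elsewhere in the profile or its local include.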