On 2019-01-09 08:01:47 [+0000], Witold Baryluk wrote:

intrigeri, halp :)
The good news is that I addressed the other two apparmor-related bugs. Now, I got a new one that reached my capacity:

> Here is dmesg output for the latest run:
>
> [129772.521856] audit: type=1400 audit(1547018290.209:137): apparmor="DENIED"
> operation="open" info="Failed name lookup - disconnected path" error=-13
> profile="/usr/bin/freshclam"
> name="rw/var/lib/clamav/clamav-04b5173347cb0c1d9e2ea3e4368bb16e.tmp/clamav-518334e079d58dabbb7a3fab5d785ae3.tmp"
> pid=1788 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=110
> ouid=110
> [129772.521920] audit: type=1400 audit(1547018290.209:138): apparmor="DENIED"
> operation="open" info="Failed name lookup - disconnected path" error=-13
> profile="/usr/bin/freshclam"
> name="rw/var/lib/clamav/clamav-04b5173347cb0c1d9e2ea3e4368bb16e.tmp/clamav-518334e079d58dabbb7a3fab5d785ae3.tmp"
> pid=1788 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=110
> ouid=110
> [129772.521952] audit: type=1400 audit(1547018290.209:139): apparmor="DENIED"
> operation="open" info="Failed name lookup - disconnected path" error=-13
> profile="/usr/bin/freshclam"
> name="rw/var/lib/clamav/clamav-04b5173347cb0c1d9e2ea3e4368bb16e.tmp" pid=1788
> comm="freshclam" requested_mask="r" denied_mask="r" fsuid=110 ouid=110
>
>
> It appears this is somehow related to overlay or tmpfs
>
> tmpfs on /run type tmpfs (rw,nosuid,noexec,relatime,size=6590668k,mode=755)
> /dev/sda1 on /run/live/medium type iso9660
> (ro,noatime,nojoliet,check=s,map=n,blocksize=2048)
> /dev/loop0 on /run/live/rootfs/filesystem.squashfs type squashfs (ro,noatime)
> tmpfs on /run/live/overlay type tmpfs (rw,noatime,mode=755)
> overlay on / type overlay
> (rw,noatime,lowerdir=/run/live/rootfs/filesystem.squashfs/,upperdir=/run/live/overlay/rw,workdir=/run/live/overlay/work)
> tmpfs on /usr/lib/live/mount type tmpfs
> (rw,nosuid,noexec,relatime,size=6590668k,mode=755)
> /dev/sda1 on /usr/lib/live/mount/medium type iso9660
> (ro,noatime,nojoliet,check=s,map=n,blocksize=2048)
> /dev/loop0 on /usr/lib/live/mount/rootfs/filesystem.squashfs type squashfs
> (ro,noatime)
> tmpfs on /usr/lib/live/mount/overlay type tmpfs (rw,noatime,mode=755)

So the rules are correct in general but due to the overlay the pathname gets a rw at the front of the path. Is there something I need to include in the profile or is this something that is not supported?

Sebastian
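
Added example, not part of Sebastian's message and not ClamAV or AppArmor code: a Python triage helper that ties a "disconnected path" denial to the overlay upper directory its relative name came from, and reports the path as seen in the merged root. The function names are hypothetical, the sample input is copied from the report above, and the mapping assumes the denied name is relative to the filesystem that holds the overlay's upperdir.

```python
import posixpath
import re

# Sample input: one audit record and two mount lines copied from the quoted
# report and rejoined onto single lines. Function names below are hypothetical.
AUDIT_LOG = (
    '[129772.521952] audit: type=1400 audit(1547018290.209:139): '
    'apparmor="DENIED" operation="open" '
    'info="Failed name lookup - disconnected path" error=-13 '
    'profile="/usr/bin/freshclam" '
    'name="rw/var/lib/clamav/clamav-04b5173347cb0c1d9e2ea3e4368bb16e.tmp" '
    'pid=1788 comm="freshclam" requested_mask="r" denied_mask="r" '
    'fsuid=110 ouid=110\n'
)
MOUNTS = (
    'tmpfs on /run/live/overlay type tmpfs (rw,noatime,mode=755)\n'
    'overlay on / type overlay (rw,noatime,'
    'lowerdir=/run/live/rootfs/filesystem.squashfs/,'
    'upperdir=/run/live/overlay/rw,workdir=/run/live/overlay/work)\n'
)

def parse_mounts(text):
    """Return (mountpoint, fstype, options dict) per `mount` output line."""
    pat = re.compile(r'^\S+ on (\S+) type (\S+) \((.*)\)$', re.M)
    return [(m[1], m[2], dict(o.partition('=')[::2] for o in m[3].split(',')))
            for m in pat.finditer(text)]

def explain_disconnected(audit_text, mount_text):
    """Return (profile, denied name, upperdir, merged path) per matched denial."""
    mounts = parse_mounts(mount_text)
    findings = []
    for line in audit_text.splitlines():
        f = {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}
        if f.get('apparmor') != 'DENIED' or 'disconnected path' not in f.get('info', ''):
            continue
        for mnt, fstype, opts in mounts:
            upper = opts.get('upperdir')
            if fstype != 'overlay' or not upper:
                continue
            # Assumption: upperdir lives on the mount with the longest matching prefix.
            holders = [p for p, _, _ in mounts
                       if p != mnt and upper.startswith(p.rstrip('/') + '/')]
            base = max(holders, key=len, default='/')
            rel = posixpath.relpath(upper, base)  # "rw" for the sample above
            if f['name'].startswith(rel + '/'):
                merged = posixpath.join(mnt, f['name'][len(rel) + 1:])
                findings.append((f['profile'], f['name'], upper, merged))
    return findings
```

For the sample record, the helper reports that the `rw/` prefix is the overlay's upperdir relative to its tmpfs and that the merged path is the one under `/var/lib/clamav`.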