Package: libapache2-mod-apparmor
Version: 2.13.6-10
Severity: minor
File: /etc/apparmor.d/usr.sbin.apache2

Hi AppArmor maintainers,

I noticed if I (or a script) ran "ss -tnlp" then my logs would show a lot of lines like:

audit: type=1400 audit(1641349042.460:2559): apparmor="DENIED" operation="ptrace" profile="apache2//HANDLING_UNTRUSTED_INPUT" pid=2792993 comm="ss" requested_mask="readby" denied_mask="readby" peer="/bin/ss"

So ss is doing a ptrace on all the network listeners. The odd thing is that apache is the only one to complain about this even though other daemons listed have their own apparmor profiles.

I had to add the following line to the HANDLING_UNTRUSTED_INPUT stanza:

  ptrace readby peer=/bin/ss,

 - Craig

-- System Information:
Debian Release: 11.2
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'stable-security'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-10-amd64 (SMP w/1 CPU thread)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libapache2-mod-apparmor depends on:
ii  apache2-bin [apache2-api-20120211]  2.4.51-1~deb11u1
ii  libapparmor1                        2.13.6-10
ii  libc6                               2.31-13+deb11u2

libapache2-mod-apparmor recommends no packages.

libapache2-mod-apparmor suggests no packages.

-- Configuration Files:
/etc/apparmor.d/usr.sbin.apache2 changed:

-- no debconf information
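Added example, not part of the original report and not AppArmor's own tooling: a short Python script that reads kernel audit lines like the one quoted above, keeps only AppArmor ptrace denials, and derives one candidate rule per profile and peer for an administrator to review. The first sample record is the one from the report; the other two records and all function names are constructed for the example.

```python
import re
from collections import defaultdict

# Sample input: record 1 is quoted in the report; records 2 and 3 are constructed.
SAMPLE_LOG = '''\
audit: type=1400 audit(1641349042.460:2559): apparmor="DENIED" operation="ptrace" profile="apache2//HANDLING_UNTRUSTED_INPUT" pid=2792993 comm="ss" requested_mask="readby" denied_mask="readby" peer="/bin/ss"
audit: type=1400 audit(1641349042.461:2560): apparmor="DENIED" operation="ptrace" profile="apache2//HANDLING_UNTRUSTED_INPUT" pid=2792994 comm="ss" requested_mask="readby" denied_mask="readby" peer="/bin/ss"
audit: type=1400 audit(1641349050.000:2561): apparmor="DENIED" operation="open" profile="apache2" name="/tmp/x" pid=100 comm="apache2" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
'''

# key="quoted value" or key=bare_value
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_record(line):
    """Return the key=value fields of one audit line as a dict."""
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}


def ptrace_denials(log_text):
    """Group denied ptrace masks by (profile, peer); repeated records collapse."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec.get("apparmor") != "DENIED" or rec.get("operation") != "ptrace":
            continue  # other denial types need different rule syntax
        if not all(k in rec for k in ("profile", "peer", "denied_mask")):
            continue  # incomplete record, nothing to derive
        grouped[(rec["profile"], rec["peer"])].update(rec["denied_mask"].split())
    return grouped


def candidate_rules(log_text):
    """Return {profile: [rule, ...]}. Rules are suggestions; nothing is written."""
    rules = defaultdict(list)
    for (profile, peer), masks in sorted(ptrace_denials(log_text).items()):
        # A single access is written bare, several as a parenthesised list.
        access = next(iter(masks)) if len(masks) == 1 else "(" + ", ".join(sorted(masks)) + ")"
        rules[profile].append(f"ptrace {access} peer={peer},")
    return dict(rules)


if __name__ == "__main__":
    for profile, lines in candidate_rules(SAMPLE_LOG).items():
        print(f"# profile {profile}")
        for rule in lines:
            print(f"  {rule}")
```

The profile name `apache2//HANDLING_UNTRUSTED_INPUT` identifies the hat inside the apache2 profile, which is why the rule in the report goes into that stanza rather than the top-level profile.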