Source: tcpdump
Version: 4.99.3-1
tags: patch

Hello,

we found in Ubuntu [1] (but there is no need to think that this isn't an issue with Debian too) that from a SSH session inside a container the output can't be shown, due to apparmor denying writes to /dev/pts/ (something that is tried by tcpdump).
To reproduce, create an lxd container, launch it, and run

tcpdump -i eth0 -nn not tcp port 22

If you ping now the ip of the container, you won't be able to see output even after pressing ctrl+c. The kernel logs will instead see lots of DENIED strings from apparmor

[ 575.438349] audit: type=1400 audit(1676055298.285:164): apparmor="DENIED" operation="file_inherit" namespace="root//lxd-peaceful-rattler_<var-snap-lxd-common-lxd>" profile="/usr/sbin/tcpdump" name="/dev/pts/1" pid=7922 comm="tcpdump" requested_mask="wr" denied_mask="wr" fsuid=1000000 ouid=1000000

The patch is trivial, and in Debian packaging:

diff -Nru tcpdump-4.99.1/debian/usr.bin.tcpdump tcpdump-4.99.1/debian/usr.bin.tcpdump --- tcpdump-4.99.1/debian/usr.bin.tcpdump 2022-05-08 16:24:57.000000000 +0000 +++ tcpdump-4.99.1/debian/usr.bin.tcpdump 2023-02-10 18:15:53.000000000 +0000 @@ -64,6 +64,10 @@/usr/bin/tcpdump mr, + # allow printing to stdout/stderr when inside a container
+ # (LP: #1667016) + /dev/pts/* rw, + # Site-specific additions and overrides. See local/README for details. #include <local/usr.bin.tcpdump> }

thanks for considering it

Gianfranco

[1] https://bugs.launchpad.net/ubuntu/+source/tcpdump/+bug/1667016
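
Review bot: the added rule "/dev/pts/* rw," (last added line of the @@ -64,6 +64,10 @@ hunk) is broader than the denial it answers. The logged denial is for name="/dev/pts/1" with requested_mask="wr", while the "*" glob also matches non-numeric entries under /dev/pts such as ptmx. Consider narrowing it to "/dev/pts/[0-9]* rw," (or using AppArmor's consoles abstraction, if the profile does not already include it) so that only the numbered terminal devices are covered. Two smaller points: the diff headers are against tcpdump-4.99.1 while the report is filed against 4.99.3-1, so the hunk offset should be rechecked when applying; and the new comment cites only the Launchpad bug, so adding the Debian bug number once assigned would keep the profile self-documenting.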
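
Added example (not part of the original report): a small Python filter that picks out the kind of AppArmor denial described above, an inherited /dev/pts/N descriptor refused with operation="file_inherit", from kernel log text. The function names and the second sample line are constructed for illustration; the first sample line is the one quoted in the report.

```python
import re
from collections import defaultdict

# Sample input. Line 1 is the denial quoted in the report; line 2 is a
# constructed, unrelated denial included to show that the filter skips it.
SAMPLE = '''\
[ 575.438349] audit: type=1400 audit(1676055298.285:164): apparmor="DENIED" operation="file_inherit" namespace="root//lxd-peaceful-rattler_<var-snap-lxd-common-lxd>" profile="/usr/sbin/tcpdump" name="/dev/pts/1" pid=7922 comm="tcpdump" requested_mask="wr" denied_mask="wr" fsuid=1000000 ouid=1000000
[ 575.438401] audit: type=1400 audit(1676055298.286:165): apparmor="DENIED" operation="open" profile="/usr/sbin/tcpdump" name="/etc/example.conf" pid=7922 comm="tcpdump" requested_mask="r" denied_mask="r" fsuid=1000000 ouid=1000000
'''

# key="quoted value" or key=bare_value
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_record(line):
    """Return the key=value fields of one AppArmor DENIED audit line, or None."""
    if 'apparmor="DENIED"' not in line:
        return None
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}


def pty_denials(log_text, profile=None):
    """Map (profile, path) -> denied mask for inherited /dev/pts/N descriptors."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_record(line)
        if not rec or rec.get("operation") != "file_inherit":
            continue  # not a denial, or not an inherited descriptor
        if not re.fullmatch(r"/dev/pts/\d+", rec.get("name", "")):
            continue  # only numbered pseudo-terminals are of interest here
        if profile and rec.get("profile") != profile:
            continue
        # Collect individual mask letters so repeated denials merge cleanly.
        hits[(rec["profile"], rec["name"])].update(rec.get("denied_mask", ""))
    return {key: "".join(sorted(mask)) for key, mask in hits.items()}


if __name__ == "__main__":
    for (prof, path), mask in pty_denials(SAMPLE).items():
        print(f"{prof}: inherited {path} denied for '{mask}'")
```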