> ... apparmor="DENIED" operation="create" ... family="unix" sock_type="stream"
With the pinned-down feature set, you probably "lost" support for unix rules. In theory, apparmor_parser will downgrade those rules to "network unix," - but in practise a bug in apparmor_parser prevented it.This bug was fixed in the point releases some days ago. Can you please test with the latest apparmor_parser? "Latest" means 2.11.1, 2.10.3 or 2.9.5 - or, if you want to test only the bugfix, apply the patch from bzr trunk r3700 - http://bazaar.launchpad.net/~apparmor- dev/apparmor/master/revision/3700 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1721278 Title: apparmor="DENIED" operation="create" profile="/usr/sbin/cups-browsed" w/ 4.14-rc2 and later Status in apparmor package in Ubuntu: Confirmed Status in apparmor source package in Xenial: Confirmed Status in apparmor source package in Zesty: Confirmed Status in apparmor source package in Artful: Confirmed Bug description: With Ubuntu 16.04.3 LTS (Xenial Xerus), and apparmor 2.10.95-0ubuntu2.7, in the system log each second the error message below is printed to. ``` […] [Mi Okt 4 16:57:52 2017] audit: type=1400 audit(1507129072.882:554): apparmor="DENIED" operation="create" profile="/usr/sbin/cups-browsed" pid=939 comm="cups-browsed" family="unix" sock_type="stream" protocol=0 requested_mask="create" denied_mask="create" [Mi Okt 4 16:57:53 2017] audit: type=1400 audit(1507129073.886:555): apparmor="DENIED" operation="create" profile="/usr/sbin/cups-browsed" pid=939 comm="cups-browsed" family="unix" sock_type="stream" protocol=0 requested_mask="create" denied_mask="create" [Mi Okt 4 16:57:54 2017] audit: type=1400 audit(1507129074.886:556): apparmor="DENIED" operation="create" profile="/usr/sbin/cups-browsed" pid=939 comm="cups-browsed" family="unix" sock_type="stream" protocol=0 requested_mask="create" denied_mask="create" [Mi Okt 4 16:57:55 2017] audit: type=1400 audit(1507129075.886:557): apparmor="DENIED" operation="create" profile="/usr/sbin/cups-browsed" pid=939 comm="cups-browsed" family="unix" sock_type="stream" protocol=0 requested_mask="create" denied_mask="create" […] ``` To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1721278/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
