The profile="unconfined" in the following line from the logs just means that the process which loaded the new profile is unconfined. The apparmor="STATUS" operation="profile_load" log entries are from the initscript or upstart scripts when they are loading the profiles before executing the program.
audit: type=1400 audit(1432447057.243:13): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/bin/evince- thumbnailer" pid=447 comm="apparmor_parser" If the process loading policy were confined (I believe this is allowed, so long as the process has capability MAC_ADMIN in its policy and has this capability natively) then the confining profile would have been reported here, instead of "unconfined". The important part to remember is that the log events reflect the process that is performing the operation. Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1458288 Title: Some exec appeair on kern.log but on apparmor_status not. Status in apparmor package in Ubuntu: Invalid Bug description: Hi On kern.log some exec listing as unconfined but on apparmor_status not.What is the truth. $ tail -n 40 -f /var/log/kern.log May 24 08:57:38 192-168-0-3 kernel: [ 23.677258] input: HDA Intel Front Headphone as /devices/pci0000:00/0000:00:1b.0/sound/card0/input12 May 24 08:57:38 192-168-0-3 kernel: [ 26.435570] Adding 2084860k swap on /dev/mapper/192--168--0--102--vg-swap_1. Priority:-1 extents:1 across:2084860k FS May 24 08:57:38 192-168-0-3 kernel: [ 29.417288] EXT4-fs (dm-0): re-mounted. Opts: errors=remount-ro May 24 08:57:38 192-168-0-3 kernel: [ 30.101562] EXT4-fs (sda1): mounting ext2 file system using the ext4 subsystem May 24 08:57:38 192-168-0-3 kernel: [ 30.189338] EXT4-fs (sda1): mounted filesystem without journal. Opts: (null) May 24 08:57:38 192-168-0-3 kernel: [ 33.126316] audit: type=1400 audit(1432447037.263:2): apparmor="STATUS" operation="profile_load" profile="unconfined" name="gst_plugin_scanner" pid=447 comm="apparmor_parser" May 24 08:57:38 192-168-0-3 kernel: [ 33.626210] audit: type=1400 audit(1432447037.763:3): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/lightdm/lightdm-guest-session" pid=447 comm="apparmor_parser" May 24 08:57:38 192-168-0-3 kernel: [ 33.626246] audit: type=1400 audit(1432447037.763:4): apparmor="STATUS" operation="profile_load" profile="unconfined" name="chromium" pid=447 comm="apparmor_parser" May 24 08:57:38 192-168-0-3 kernel: [ 35.099402] audit: type=1400 audit(1432447039.235:5): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/sbin/dhclient" pid=447 comm="apparmor_parser" May 24 08:57:38 192-168-0-3 kernel: [ 35.101412] audit: type=1400 audit(1432447039.239:6): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=447 comm="apparmor_parser" May 24 08:57:38 192-168-0-3 kernel: [ 35.103027] audit: type=1400 audit(1432447039.239:7): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/NetworkManager/nm-dhcp-helper" pid=447 comm="apparmor_parser" May 24 08:57:38 192-168-0-3 kernel: [ 35.104806] audit: type=1400 audit(1432447039.243:8): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/connman/scripts/dhclient-script" pid=447 comm="apparmor_parser" May 24 08:57:38 192-168-0-3 kernel: [ 53.089763] audit: type=1400 audit(1432447057.227:9): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/bin/evince" pid=447 comm="apparmor_parser" May 24 08:57:38 192-168-0-3 kernel: [ 53.093877] audit: type=1400 audit(1432447057.231:10): apparmor="STATUS" operation="profile_load" profile="unconfined" name="sanitized_helper" pid=447 comm="apparmor_parser" May 24 08:57:38 192-168-0-3 kernel: [ 53.098328] audit: type=1400 audit(1432447057.235:11): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/bin/evince-previewer" pid=447 comm="apparmor_parser" May 24 08:57:38 192-168-0-3 kernel: [ 53.100659] audit: type=1400 audit(1432447057.239:12): apparmor="STATUS" operation="profile_load" profile="unconfined" name="sanitized_helper" pid=447 comm="apparmor_parser" May 24 08:57:38 192-168-0-3 kernel: [ 53.104541] audit: type=1400 audit(1432447057.243:13): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/bin/evince-thumbnailer" pid=447 comm="apparmor_parser" May 24 08:57:38 192-168-0-3 kernel: [ 53.106972] audit: type=1400 audit(1432447057.243:14): apparmor="STATUS" operation="profile_load" profile="unconfined" name="sanitized_helper" pid=447 comm="apparmor_parser" May 24 08:57:38 192-168-0-3 kernel: [ 53.114072] audit: type=1400 audit(1432447057.251:15): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/bin/irssi" pid=447 comm="apparmor_parser" May 24 08:57:38 192-168-0-3 kernel: [ 53.122442] audit: type=1400 audit(1432447057.259:16): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/bin/mediascanner-service-2.0" pid=447 comm="apparmor_parser" May 24 08:57:38 192-168-0-3 kernel: [ 53.136378] audit: type=1400 audit(1432447057.275:17): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/bin/pidgin" pid=447 comm="apparmor_parser" May 24 08:57:38 192-168-0-3 kernel: [ 53.136424] audit: type=1400 audit(1432447057.275:18): apparmor="STATUS" operation="profile_load" profile="unconfined" name="launchpad_integration" pid=447 comm="apparmor_parser" May 24 08:57:38 192-168-0-3 kernel: [ 53.955321] cgroup: new mount options do not match the existing superblock, will be ignored May 24 08:57:39 192-168-0-3 kernel: [ 55.503792] rfkill: input handler disabled May 24 08:57:41 192-168-0-3 kernel: [ 57.061478] cfg80211: Calling CRDA to update world regulatory domain May 24 08:57:41 192-168-0-3 kernel: [ 57.149912] cfg80211: World regulatory domain updated: May 24 08:57:41 192-168-0-3 kernel: [ 57.149928] cfg80211: DFS Master region: unset May 24 08:57:41 192-168-0-3 kernel: [ 57.149935] cfg80211: (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp), (dfs_cac_time) May 24 08:57:41 192-168-0-3 kernel: [ 57.149945] cfg80211: (2402000 KHz - 2472000 KHz @ 40000 KHz), (300 mBi, 2000 mBm), (N/A) May 24 08:57:41 192-168-0-3 kernel: [ 57.149954] cfg80211: (2457000 KHz - 2482000 KHz @ 40000 KHz), (300 mBi, 2000 mBm), (N/A) May 24 08:57:41 192-168-0-3 kernel: [ 57.149962] cfg80211: (2474000 KHz - 2494000 KHz @ 20000 KHz), (300 mBi, 2000 mBm), (N/A) May 24 08:57:41 192-168-0-3 kernel: [ 57.149971] cfg80211: (5170000 KHz - 5250000 KHz @ 40000 KHz), (300 mBi, 2000 mBm), (N/A) May 24 08:57:41 192-168-0-3 kernel: [ 57.149980] cfg80211: (5735000 KHz - 5835000 KHz @ 40000 KHz), (300 mBi, 2000 mBm), (N/A) May 24 08:57:41 192-168-0-3 kernel: [ 57.539742] eth0: 0xf840e000, 00:22:15:4b:fd:ce, IRQ 24 May 24 08:57:48 192-168-0-3 kernel: [ 64.600036] r8101: eth0: link up May 24 08:57:51 192-168-0-3 kernel: [ 67.604054] r8101: eth0: link down May 24 08:57:54 192-168-0-3 kernel: [ 70.640020] r8101: eth0: link up May 24 08:58:23 192-168-0-3 kernel: [ 98.895580] perf interrupt took too long (2516 > 2500), lowering kernel.perf_event_max_sample_rate to 50000 May 24 08:58:26 192-168-0-3 gnome-session[1631]: Entering running state May 24 09:05:12 192-168-0-3 kernel: [ 508.457929] perf interrupt took too long (5007 > 5000), lowering kernel.perf_event_max_sample_rate to 25000 $ sudo apparmor_status apparmor module is loaded. 33 profiles are loaded. 27 profiles are in enforce mode. /usr/bin/evince-previewer /usr/bin/evince-previewer//sanitized_helper /usr/bin/evince-thumbnailer /usr/bin/evince-thumbnailer//sanitized_helper /usr/bin/evince//sanitized_helper /usr/bin/irssi /usr/bin/mediascanner-service-2.0 /usr/bin/pidgin /usr/bin/pidgin//launchpad_integration /usr/bin/pidgin//sanitized_helper /usr/bin/totem /usr/bin/totem-audio-preview /usr/bin/totem-video-thumbnailer /usr/lib/cups/backend/cups-pdf /usr/lib/lightdm/lightdm-guest-session /usr/lib/lightdm/lightdm-guest-session//chromium /usr/lib/telepathy/mission-control-5 /usr/lib/telepathy/telepathy-* /usr/lib/telepathy/telepathy-*//pxgsettings /usr/lib/telepathy/telepathy-*//sanitized_helper /usr/lib/telepathy/telepathy-ofono /usr/sbin/apt-cacher-ng /usr/sbin/cups-browsed /usr/sbin/cupsd /usr/sbin/cupsd//third_party /usr/sbin/tcpdump udm-extractor 6 profiles are in complain mode. /sbin/dhclient /usr/bin/evince /usr/lib/NetworkManager/nm-dhcp-client.action /usr/lib/NetworkManager/nm-dhcp-helper /usr/lib/connman/scripts/dhclient-script gst_plugin_scanner 8 processes have profiles defined. 8 processes are in enforce mode. /usr/bin/mediascanner-service-2.0 (1410) /usr/lib/telepathy/mission-control-5 (1909) /usr/sbin/cups-browsed (677) /usr/sbin/cupsd (645) /usr/sbin/cupsd (718) /usr/sbin/cupsd (719) /usr/sbin/cupsd (720) /usr/sbin/cupsd (721) 0 processes are in complain mode. 0 processes are unconfined but have a profile defined. ProblemType: Bug DistroRelease: Ubuntu 15.04 Package: apparmor 2.9.1-0ubuntu9 ProcVersionSignature: Ubuntu 3.19.0-18.18-generic 3.19.6 Uname: Linux 3.19.0-18-generic i686 ApportVersion: 2.17.2-0ubuntu1.1 Architecture: i386 CurrentDesktop: Unity Date: Sun May 24 09:11:54 2015 ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-3.19.0-18-generic root=/dev/mapper/192--168--0--102--vg-root ro splash quiet vt.handoff=7 SourcePackage: apparmor Syslog: May 24 08:57:38 192-168-0-3 dbus[660]: [system] AppArmor D-Bus mediation is enabled UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1458288/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
