search for: requested_mask

...ced here: https://bugs.chromium.org/p/chromium/issues/detail?id=784062 details: this should effect chrom-os too, https://chromium.googlesource.com/chromiumos/third_party/drm/+/292da616fe1f936ca78a3fa8e1b1b19883e343b6/nouveau/nouveau.h this is the kernel stack: comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Nov 10 11:22:13 nitro kernel: [ 53.352636] audit: type=1400 audit(1510305733.908:25): apparmor="DENIED" operation="connect" profile="webbrowser-app" pid=1903 comm="webbrowser-app" family="unix&q...

...tab > chmod 640 /var/lib/samba/private/dns.keytab journalctl shows this. May 14 14:22:32 audit[2117]: AVC apparmor="DENIED" operation="file_lock" profile="/usr/sbin/named" name="/var/lib/samba/private/dns.keytab" pid=2117 comm="isc-worker0000" requested_mask="k" denied_mask="k" fsuid=111 ouid=0 May 14 14:22:32 kernel: audit: type=1400 audit(1557865352.085:35): apparmor="DENIED" operation="file_lock" profile="/usr/sbin/named" name="/var/lib/samba/private/dns.keytab" pid=2117 comm="isc-w...

...type=1400 audit(1544366153.379:3035): apparmor="DENIED" operation="file_mmap" info="Failed name lookup - disconnected path" error=-13 profile="/usr/lib/dovecot/indexer-worker" name="var/cache/nscd/hosts" pid=10540 comm="indexer-worker" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0 ------------ The indexer worker is trying to open the file "var/cache/nscd/hosts" instead of "/var/cache/nscd/hosts", which of course fails. Can someone double check the code of the indexer worker, or this has been f...

...n trusted keys from file '/etc/bind/bind.keys' Nov 23 10:12:12 debpdc audit[16080]: AVC apparmor="DENIED" operation="file_mmap" profile="/usr/sbin/named" name="/usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_10.so" pid=16080 comm="named" requested_mask="m" denied_mask="m" fsuid=109 ouid=0 Nov 23 10:12:12 debpdc named[16080]: dlz_dlopen failed to open library '/usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_10.so' - /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_10.so: failed to map segment from shared object Nov 23...

....379:3035): apparmor="DENIED" operation="file_mmap" >> info="Failed name lookup - disconnected path" error=-13 >> profile="/usr/lib/dovecot/indexer-worker" name="var/cache/nscd/hosts" >> pid=10540 comm="indexer-worker" requested_mask="r" denied_mask="r" >> fsuid=1001 ouid=0 >> ------------ >> >> The indexer worker is trying to open the file "var/cache/nscd/hosts" >> instead of "/var/cache/nscd/hosts", which of course fails. >> >> Can someone d...

...b: 18 callbacks suppressed Oct 16 12:15:21 dtdc03 kernel: [ 2033.472704] audit: type=1400 audit(1476638121.877:194): apparmor="DENIED" operation="open" profile="/usr/sbin/named" name="/usr/local/samba/lib/bind9/dlz_bind9_10.so" pid=2263 comm="named" requested_mask="r" denied_mask="r" fsuid=113 ouid=0 Oct 16 12:15:21 dtdc03 named[2260]: exiting (due to fatal error) Oct 16 12:15:21 dtdc03 systemd[1]: bind9.service: Main process exited, code=exited, status=1/FAILURE Oct 16 12:15:21 dtdc03 rndc[2267]: rndc: connect failed: 127.0.0.1#953: conn...

...:15:21 dtdc03 kernel: [ 2033.472704] audit: type=1400 >> audit(1476638121.877:194): apparmor="DENIED" operation="open" >> profile="/usr/sbin/named" >> name="/usr/local/samba/lib/bind9/dlz_bind9_10.so" pid=2263 >> comm="named" requested_mask="r" denied_mask="r" fsuid=113 ouid=0 >> Oct 16 12:15:21 dtdc03 named[2260]: exiting (due to fatal error) >> Oct 16 12:15:21 dtdc03 systemd[1]: bind9.service: Main process exited, >> code=exited, status=1/FAILURE >> Oct 16 12:15:21 dtdc03 rndc[2267]: rndc:...

...t;audit(1544366153.379:3035): apparmor="DENIED" operation="file_mmap" >info="Failed name lookup - disconnected path" error=-13 >profile="/usr/lib/dovecot/indexer-worker" name="var/cache/nscd/hosts" >pid=10540 comm="indexer-worker" requested_mask="r" denied_mask="r" >fsuid=1001 ouid=0 >>>> ------------ >>>> The indexer worker is trying to open the file >"var/cache/nscd/hosts" instead of "/var/cache/nscd/hosts", which of >course fails. >>>> Can someone doubl...

...ate/dns.keytab > > journalctl shows this. > > May 14 14:22:32 audit[2117]: AVC apparmor="DENIED" operation="file_lock" > > profile="/usr/sbin/named" name="/var/lib/samba/private/dns.keytab" > > pid=2117 comm="isc-worker0000" requested_mask="k" denied_mask="k" > > fsuid=111 ouid=0 > > May 14 14:22:32 kernel: audit: type=1400 audit(1557865352.085:35): > > apparmor="DENIED" operation="file_lock" profile="/usr/sbin/named" > > name="/var/lib/samba/private/dns.k...

...mgtsciences.com wrote: > > > > May 14 14:22:32 audit[2117]: AVC apparmor="DENIED" > operation="file_lock" > > > profile="/usr/sbin/named" name="/var/lib/samba/private/dns.keytab" > > > pid=2117 comm="isc-worker0000" requested_mask="k" denied_mask="k" > > > fsuid=111 ouid=0 > > > May 14 14:22:32 kernel: audit: type=1400 audit(1557865352.085:35): > > > apparmor="DENIED" operation="file_lock" profile="/usr/sbin/named" > > > name="/var/lib...

...d > Oct 16 12:15:21 dtdc03 kernel: [ 2033.472704] audit: type=1400 > audit(1476638121.877:194): apparmor="DENIED" operation="open" > profile="/usr/sbin/named" > name="/usr/local/samba/lib/bind9/dlz_bind9_10.so" pid=2263 > comm="named" requested_mask="r" denied_mask="r" fsuid=113 ouid=0 > Oct 16 12:15:21 dtdc03 named[2260]: exiting (due to fatal error) > Oct 16 12:15:21 dtdc03 systemd[1]: bind9.service: Main process exited, > code=exited, status=1/FAILURE > Oct 16 12:15:21 dtdc03 rndc[2267]: rndc: connect failed:...

...dyndns.sh exit status 32256 Jun 27 10:55:07 server5-ad kernel: [ 1396.188371] audit: type=1400 audit(1561596907.856:94): apparmor="DENIED" operation="open" profile="/usr/sbin/dhcpd" name="/usr/local/bin/dhcp-dyndns.sh" pid=2557 comm="dhcp-dyndns.sh" requested_mask="r" denied_mask="r" fsuid=112 ouid=0 Jun 27 10:55:07 server5-ad dhcpd[2525]: DHCPRELEASE of 192.168.14.198 from 00:50:56:9b:37:9b (WIN7VM01) via ens160 (found) Jun 27 10:55:07 server5-ad dhcpd[2525]: Removed reverse map on 198.14.168.192.in-addr.arpa. Jun 27 10:55:09 server5-ad...

On 26/06/2019 11:32, Praveen Ghimire wrote: > Hi Rowland, > > I have tried putting the whole rev-domain name. The following is the dhcpd.conf zone definition > > subnet 192.168.14.0 netmask 255.255.255.0 { > authoritative; > ddns-update-style standard; > option netbios-name-servers 192.168.14.10; #14.10 is the AD box > option

...0 mail kernel: audit: type=1400 audit(1521199510.705:580): apparmor="DENIED" operation="file_mmap" info="Failed name lookup - disconnected path" error=-13 profile="/usr/lib/dovecot/auth" name="var/cache/nscd/hosts" pid=26797 comm="auth" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 With 'name="var/cache/nscd/hosts"', is there any missing '/' at the beginning of the path, somewhere? The version is: 1:2.2.27-3+deb9u2 Thanks for your advices, Andr? Rodier. -- https://github.com/progmaticltd/...

...it: type=1400 audit(1544366153.379:3035): apparmor="DENIED" operation="file_mmap" info="Failed name lookup - disconnected path" error=-13 profile="/usr/lib/dovecot/indexer-worker" name="var/cache/nscd/hosts" pid=10540 comm="indexer-worker" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0 > ------------ > > The indexer worker is trying to open the file "var/cache/nscd/hosts" instead of "/var/cache/nscd/hosts", which of course fails. > > Can someone double check the code of the indexer work...

...it: type=1400 audit(1544366153.379:3035): apparmor="DENIED" operation="file_mmap" info="Failed name lookup - disconnected path" error=-13 profile="/usr/lib/dovecot/indexer-worker" name="var/cache/nscd/hosts" pid=10540 comm="indexer-worker" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0 >>> ------------ >>> The indexer worker is trying to open the file "var/cache/nscd/hosts" instead of "/var/cache/nscd/hosts", which of course fails. >>> Can someone double check the code of the...

...I send a mail: Mar 28 22:21:47 mailng kernel: [3150146.825007] audit: type=1400 audit(1553808107.757:286204): apparmor="DENIED" operation="open" profile="/usr/lib/dovecot/dovecot-lda" name="/usr/share/dovecot/protocols.d/" pid=26197 comm="doveconf" requested_mask="r" denied_mask="r" fsuid=5000 ouid=0 The /usr/share/dovecot/protocols.d/ directory and its content (.../protocols.d/**) set up in usr.lib.dovecot.dovecot-lda apparmor profile with mask "r", but this line every time comes, when I send a mail through webmail - think wh...

...p because bind is trying to create a file in /var/tmp: Jun 17 14:59:06 trusty kernel: [ 9163.550869] type=1400 audit(1403013546.668:222): apparmor="DENIED" operation="mknod" profile="/usr/sbin/named" name="/var/tmp/DNS_107" pid=9281 comm="named" requested_mask="c" denied_mask="c" fsuid=107 ouid=107 I can fix this with: /var/tmp/DNS_* rw, but this just seems wrong to me; it would be better to tell bind to use a proper directory like /var/cache/bind. Anyone have any idea why bind is writing to /var/tmp? I can see nothing in my con...

...appears to be an apparmor denial for mknod: [250108.632450] type=1400 audit(1415994657.679:152): apparmor="DENIED" operation="mknod" profile="libvirt-2fd2ec54-f644-228e-08ba-297c8b304153" name="/home/dave/vm1.agent" pid=21856 comm="qemu-system-x86" requested_mask="c" denied_mask="c" fsuid=112 ouid=112 I can add a line to /etc/apparmor.d/abstractions/libvirt-qemu similar to: owner /home/dave/vm1.agent rw, After restarting apparmor, this gets rid of the apparmor complaint, but I still get the same error from 'virsh create vm1.xml...

...sage pop up today when adding a machine to the domain. Mar 10 14:03:44 server kernel: [ 6809.180969] type=1400 audit(1394420624.565:26): apparmor="DENIED" operation="open" parent=1 profile="/usr/sbin/named" name="/dev/urandom" pid=1491 comm="named" requested_mask="wc" denied_mask="wc" fsuid=107 ouid=0 The PC was actually added to DNS so I'm not sure what the ramifications of this error would be. Cheers, Justin.