0
asterisk-user

[Odroid XU4] AppArmor in complain mode -- does not log anything

Recommended Posts

Hi All,

 

I might need your help with one issue I've encountered. I'm running debian with the 4.9.20 kernel on an Odroid XU4 board.

 

I've compiled the kernel with the options for AppArmor enabled. The installed AppArmor version is the 2.10.95 (auditd is also installed in version 1:2.4-1+b1).

 

## Kernel Options ##

CONFIG_SECURITY=y
CONFIG_SECURITYFS=y
CONFIG_SECURITY_APPARMOR=y
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
CONFIG_DEFAULT_SECURITY_APPARMOR=y
CONFIG_DEFAULT_SECURITY="apparmor"
CONFIG_SECCOMP=y
CONFIG_SECCOMP_FILTER=y
CONFIG_AUDIT=y

## ##

 

AppArmor itself is working without any issues. If I set a profile to enforce, then any not allowed action is blocked and logged accordingly.

 

The problem I'm facing now is that AppArmor is not logging anything in complain mode, which makes it very difficult to create a new profile for applications. The strange thing is, that all actions get logged in enforce mode perfectly... (e.g. Apr 17 14:21:56 localhost kernel: [ 2913.082774] audit: type=1400 audit(1492435316.208:54): apparmor="DENIED" operation="open" profile="/usr/sbin/nginx" name="/etc/nginx/nginx.conf" pid=4260 comm="nginx" requested_mask="r" denied_mask="r" fsuid=0 ouid=0)

 

Does anyone have a cloue what's wrong?

 

I'd be greateful for any hints.

 

Kind regards,

Viktor

Share this post


Link to post
Share on other sites
Armbian is a community driven open source project. Do you like to contribute your code?

Hi All,

 

it took me a while, but I found the solution:

 

crontab (root):

@reboot /bin/echo 0 > /proc/sys/kernel/printk_ratelimit

 

solved the problem for me. It seems that the kernel is automatically filtering the apparmor messages (spam).

 

Thanks,

Viktor

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
0