[Bug 1190552] less fails without which
http://bugzilla.opensuse.org/show_bug.cgi?id=1190552 http://bugzilla.opensuse.org/show_bug.cgi?id=1190552#c9 --- Comment #9 from Cristian Rodr�guez <crrodriguez@opensuse.org> --- (In reply to Christian Boltz from comment #8)
I'm afraid your audit.log caused more questions than it answers ;-)
Basically you have two events (repeated multiple times):
apparmor="DENIED" operation="sendmsg" profile="/usr/bin/lessopen.sh" pid=6779 comm="file" lport=814 family="inet" sock_type="dgram" protocol=17 requested_mask="send" denied_mask="send"
apparmor="DENIED" operation="sendmsg" profile="/usr/bin/lessopen.sh" pid=7077 comm="lessopen.sh" lport=814 family="inet" sock_type="dgram" protocol=17 requested_mask="send" denied_mask="send"
It's very strange that the lessopen.sh script and "file" need inet dgram permissions. I asked upstream, and the answer was
[17:27:28] <jjohansen1> well, you can use it internal to the machine as a message passing protocol [17:27:51] <jjohansen1> this can be convenient if you have a need that could be local or remote [17:28:46] <jjohansen1> but it is certainly suspect, and needs to be looked into [...] [17:49:49] <jjohansen1> its interesting that its the file command and the script [17:50:01] <jjohansen1> perhaps its being used as a pipe? [17:51:41] <jjohansen1> an strace would be interesting to see
Unfortunately I'm not able to reproduce what you see, so - can you please do a strace, check that it causes these entries in audit.log again, and then attach the strace output?
"file" does use use socket() .. if it did.. there is a seccomp filter dissallowing anything but AF_UNIX. less doesn't use it either. What the hell is going on.. don't have time to dig further right now. need a trace of the program.. and whatis lport in the audit log also? wasn't able to find the meaning on the web.. it is logging port? low port? -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com