https://bugzilla.novell.com/show_bug.cgi?id=277380 ------- Comment #2 from joe_morris@ntm.org 2007-05-23 16:35 MST ------- joe@jmorris:~> su Password: jmorris:/home/joe # aa-unconfined jmorris:/home/joe # netstat -nlp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:2208 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:901 0.0.0.0:* LISTEN - tcp 0 0 127.0.0.1:10024 0.0.0.0:* LISTEN - tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:873 0.0.0.0:* LISTEN - tcp 0 0 127.0.0.1:3310 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN - tcp 0 0 127.0.0.1:465 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:5426 0.0.0.0:* LISTEN - tcp 0 0 192.168.1.2:53 0.0.0.0:* LISTEN - tcp 0 0 192.168.10.1:53 0.0.0.0:* LISTEN - tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN - tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN - tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN - tcp 0 0 127.0.0.1:2207 0.0.0.0:* LISTEN - tcp 0 0 ::1:10025 :::* LISTEN - tcp 0 0 :::873 :::* LISTEN - tcp 0 0 ::1:465 :::* LISTEN - tcp 0 0 :::22 :::* LISTEN - tcp 0 0 :::631 :::* LISTEN - tcp 0 0 ::1:25 :::* LISTEN - udp 0 0 0.0.0.0:32768 0.0.0.0:* - udp 0 0 0.0.0.0:1026 0.0.0.0:* - udp 0 0 127.0.0.1:32798 0.0.0.0:* - udp 0 0 0.0.0.0:5426 0.0.0.0:* - udp 0 0 192.168.1.2:53 0.0.0.0:* - udp 0 0 192.168.10.1:53 0.0.0.0:* - udp 0 0 127.0.0.1:53 0.0.0.0:* - udp 0 0 0.0.0.0:67 0.0.0.0:* - udp 0 0 0.0.0.0:111 0.0.0.0:* - udp 0 0 0.0.0.0:631 0.0.0.0:* - udp 0 0 192.168.1.2:123 0.0.0.0:* - udp 0 0 192.168.10.1:123 0.0.0.0:* - udp 0 0 127.0.0.1:123 0.0.0.0:* - udp 0 0 0.0.0.0:123 0.0.0.0:* - udp 0 0 :::32769 :::* - udp 0 0 fe80::216:17ff:fe8c:123 :::* - udp 0 0 ::1:123 :::* - udp 0 0 :::123 :::* - raw 0 0 0.0.0.0:1 0.0.0.0:* 7 - Active UNIX domain sockets (only servers) Proto RefCnt Flags Type State I-Node PID/Program name Path unix 2 [ ACC ] STREAM LISTENING 13442 - /tmp/gpg-Zh3sOV/S.gpg-agent unix 2 [ ACC ] STREAM LISTENING 13445 - /tmp/ssh-hnNJw4369/agent.4369 unix 2 [ ACC ] STREAM LISTENING 13238 - /var/spool/amavis/amavisd.sock unix 2 [ ACC ] STREAM LISTENING 15379 - public/cleanup unix 2 [ ACC ] STREAM LISTENING 14240 - /var/run/nscd/socket unix 2 [ ACC ] STREAM LISTENING 15386 - private/tlsmgr unix 2 [ ACC ] STREAM LISTENING 15390 - private/rewrite unix 2 [ ACC ] STREAM LISTENING 15394 - private/bounce unix 2 [ ACC ] STREAM LISTENING 15398 - private/defer unix 2 [ ACC ] STREAM LISTENING 15402 - private/trace unix 2 [ ACC ] STREAM LISTENING 15406 - private/verify unix 2 [ ACC ] STREAM LISTENING 15410 - public/flush unix 2 [ ACC ] STREAM LISTENING 15414 - private/proxymap unix 2 [ ACC ] STREAM LISTENING 15418 - private/smtp unix 2 [ ACC ] STREAM LISTENING 15422 - private/relay unix 2 [ ACC ] STREAM LISTENING 15426 - public/showq unix 2 [ ACC ] STREAM LISTENING 15430 - private/error unix 2 [ ACC ] STREAM LISTENING 15434 - private/discard unix 2 [ ACC ] STREAM LISTENING 15438 - private/local unix 2 [ ACC ] STREAM LISTENING 15442 - private/virtual unix 2 [ ACC ] STREAM LISTENING 15446 - private/lmtp unix 2 [ ACC ] STREAM LISTENING 15450 - private/anvil unix 2 [ ACC ] STREAM LISTENING 10910 - /var/run/xdmctl/dmctl/socket unix 2 [ ACC ] STREAM LISTENING 15473 - private/scache unix 2 [ ACC ] STREAM LISTENING 15477 - private/maildrop unix 2 [ ACC ] STREAM LISTENING 15481 - private/cyrus unix 2 [ ACC ] STREAM LISTENING 16154 - /home/joe/.beagle/socket unix 2 [ ACC ] STREAM LISTENING 15485 - private/uucp unix 2 [ ACC ] STREAM LISTENING 31005 - /tmp/ksocket-joe/kdesud_:0 unix 2 [ ACC ] STREAM LISTENING 15489 - private/ifmail unix 2 [ ACC ] STREAM LISTENING 11075 - /var/run/xdmctl/dmctl-:0/socket unix 2 [ ACC ] STREAM LISTENING 15493 - private/bsmtp unix 2 [ ACC ] STREAM LISTENING 15497 - private/procmail unix 2 [ ACC ] STREAM LISTENING 20368 - /var/lib/clamav/clamd-socket unix 2 [ ACC ] STREAM LISTENING 38780 - /tmp/orbit-joe/linc-21ae-0-fcf244e9f938 unix 2 [ ACC ] STREAM LISTENING 38832 - /tmp/orbit-joe/linc-20ac-0-75ed4ac0c4b48 unix 2 [ ACC ] STREAM LISTENING 11041 - /tmp/.X11-unix/X0 unix 2 [ ACC ] STREAM LISTENING 9062 - /var/run/dbus/system_bus_socket unix 2 [ ACC ] STREAM LISTENING 13650 - /tmp/.ICE-unix/4477 unix 2 [ ACC ] STREAM LISTENING 10484 - @/var/run/hald/dbus-c5zPmGQwBU unix 2 [ ACC ] STREAM LISTENING 13510 - /tmp/ksocket-joe/kdeinit__0 unix 2 [ ACC ] STREAM LISTENING 9029 - /var/run/acpid.socket unix 2 [ ACC ] STREAM LISTENING 9177 - /var/run/.resmgr_socket unix 2 [ ACC ] STREAM LISTENING 10485 - @/var/run/hald/dbus-cADoqbyZmY unix 2 [ ACC ] STREAM LISTENING 13512 - /tmp/ksocket-joe/kdeinit-:0 unix 2 [ ACC ] STREAM LISTENING 13546 - /tmp/ksocket-joe/klauncher72usFa.slave-socket unix 2 [ ACC ] STREAM LISTENING 13462 - @/tmp/dbus-n0PRoiUkHs unix 2 [ ACC ] STREAM LISTENING 13926 - /var/run/cups/cups.sock unix 2 [ ACC ] STREAM LISTENING 13523 - /tmp/.ICE-unix/dcop4465-1179959028 jmorris:/home/joe # uname -a Linux jmorris 2.6.21-200-default #1 SMP Fri May 18 14:32:06 UTC 2007 x86_64 x86_64 x86_64 GNU/Linux jmorris:/home/joe # cat /etc/SuSE-release openSUSE 10.2 (X86-64) VERSION = 10.2 jmorris:/home/joe # cat /sys/kernel/security/apparmor/profiles /usr/sbin/xinetd (enforce) /usr/sbin/traceroute (enforce) /usr/sbin/sshd (enforce) /usr/sbin/sendmail.postfix (enforce) /usr/sbin/sendmail (enforce) /usr/sbin/rsyncd (enforce) /usr/sbin/postqueue (enforce) /usr/sbin/postmap (enforce) /usr/sbin/postdrop (enforce) /usr/sbin/postalias (enforce) /usr/sbin/ntpd (enforce) /usr/sbin/nscd (enforce) /usr/sbin/named (enforce) /usr/sbin/mdnsd (enforce) /usr/sbin/ipop3d (enforce) /usr/sbin/imapd (enforce) /usr/sbin/identd (enforce) /usr/sbin/hpiod (enforce) /usr/sbin/dhcpd (enforce) /usr/sbin/cupsd (enforce) /usr/sbin/clamd (enforce) /usr/sbin/amavisd (complain) /usr/lib/postfix/virtual (enforce) /usr/lib/postfix/verify (enforce) /usr/lib/postfix/trivial-rewrite (enforce) /usr/lib/postfix/tlsmgr (enforce) /usr/lib/postfix/spawn (enforce) /usr/lib/postfix/smtpd (enforce) /usr/lib/postfix/smtp (enforce) /usr/lib/postfix/showq (enforce) /usr/lib/postfix/scache (enforce) /usr/lib/postfix/qmqpd (enforce) /usr/lib/postfix/qmgr (complain) /usr/lib/postfix/proxymap (enforce) /usr/lib/postfix/pipe (enforce) /usr/lib/postfix/pickup (enforce) /usr/lib/postfix/oqmgr (enforce) /usr/lib/postfix/nqmgr (enforce) /usr/lib/postfix/master (enforce) /usr/lib/postfix/local (enforce) /usr/lib/postfix/lmtp (enforce) /usr/lib/postfix/flush (enforce) /usr/lib/postfix/error (enforce) /usr/lib/postfix/discard (enforce) /usr/lib/postfix/cleanup (enforce) /usr/lib/postfix/bounce (enforce) /usr/lib/postfix/anvil (enforce) /usr/lib/AntiVir/antivir (complain) /usr/bin/skype (enforce) /usr/bin/python2.5 (enforce) /usr/bin/procmail (enforce) /usr/bin/freshclam (enforce) /usr/X11R6/bin/acroread (enforce) /sbin/syslogd (enforce) /sbin/syslog-ng (enforce) /sbin/portmap (enforce) /sbin/klogd (enforce) /bin/ping (enforce) Yes, I am pretty sure this is from an unconfined root shell. As I mentioned, it worked until I updated to 2.6.21-200. Previous to that, I ran 2.6.21-87. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.