apparmor-profile-everything breaks Qubes upgrading

Phabricator Tickets
1

Information

ID: 936
PHID: PHID-TASK-ugb53cnrkpnq7furmbdh
Author: Patrick
Status at Migration Time: resolved
Priority at Migration Time: Normal

Description

sudo aa-status

user@host:~$ sudo journalctl -b | grep -i denied
Nov 23 14:35:26 host audit[1923]: AVC apparmor=“DENIED” operation=“link” info=“link not subset of target” error=-13 profile=“/usr/bin/apt-get” name=“/usr/lib/security-misc/pam_tally2-info.dpkg-tmp” pid=1923 comm=“dpkg” requested_mask=“x” denied_mask=“x” fsuid=0 ouid=0 target=“/usr/lib/security-misc/pam_tally2-info”
Nov 23 14:35:27 host audit[2198]: AVC apparmor=“DENIED” operation=“file_inherit” profile=“/usr/lib/security-misc/permission-lockdown” name=“/dev/pts/1” pid=2198 comm=“permission-lock” requested_mask=“wr” denied_mask=“wr” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2198]: AVC apparmor=“DENIED” operation=“file_inherit” profile=“/usr/lib/security-misc/permission-lockdown” name=“/dev/pts/1” pid=2198 comm=“permission-lock” requested_mask=“wr” denied_mask=“wr” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2198]: AVC apparmor=“DENIED” operation=“file_inherit” profile=“/usr/lib/security-misc/permission-lockdown” name=“/dev/pts/1” pid=2198 comm=“permission-lock” requested_mask=“wr” denied_mask=“wr” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2198]: AVC apparmor=“DENIED” operation=“file_inherit” profile=“/usr/lib/security-misc/permission-lockdown” name=“/dev/pts/1” pid=2198 comm=“permission-lock” requested_mask=“wr” denied_mask=“wr” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2207]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2207 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2207]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2207 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2207]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda3” pid=2207 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2207]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2207 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2207]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2207 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2207]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda3” pid=2207 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2212]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2212 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2212]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2212 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2212]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda3” pid=2212 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2212]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2212 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2212]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2212 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2212]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda3” pid=2212 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2217]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2217 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2217]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2217 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2217]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda3” pid=2217 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2217]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2217 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2217]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2217 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2217]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda3” pid=2217 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2247]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2247 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2247]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2247 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2247]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda3” pid=2247 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2247]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2247 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2247]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2247 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2247]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda3” pid=2247 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2251]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2251 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2251]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2251 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2251]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda3” pid=2251 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2251]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2251 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2251]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2251 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2251]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda3” pid=2251 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2255]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2255 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2255]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2255 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2255]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda3” pid=2255 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2255]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2255 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2255]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2255 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2255]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda3” pid=2255 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2259]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2259 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2259]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2259 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2259]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda3” pid=2259 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2259]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2259 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2259]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2259 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2259]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda3” pid=2259 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2309]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2309 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2309]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2309 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2309]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda3” pid=2309 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2309]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2309 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2309]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2309 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:27 host audit[2309]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda3” pid=2309 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:28 host audit[2335]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2335 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:28 host audit[2335]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2335 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:28 host audit[2335]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda3” pid=2335 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:28 host audit[2335]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2335 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:28 host audit[2335]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2335 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:28 host audit[2335]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda3” pid=2335 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:28 host audit[2386]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2386 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:28 host audit[2386]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2386 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:28 host audit[2386]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda3” pid=2386 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:28 host audit[2386]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2386 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:28 host audit[2386]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2386 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:28 host audit[2386]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda3” pid=2386 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:28 host audit[2432]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2432 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:28 host audit[2432]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2432 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:28 host audit[2432]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda3” pid=2432 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:28 host audit[2432]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2432 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:28 host audit[2432]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda” pid=2432 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:28 host audit[2432]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xvda3” pid=2432 comm=“grub-probe” requested_mask=“r” denied_mask=“r” fsuid=0 ouid=0
Nov 23 14:35:29 host audit[2535]: AVC apparmor=“DENIED” operation=“capable” profile=“/usr/bin/apt-get” pid=2535 comm=“(sd-askpwagent)” capability=24 capname=“sys_resource”
Nov 23 14:35:39 host audit[2980]: AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/apt-get” name=“/dev/xen/gntalloc” pid=2980 comm=“qrexec-client-v” requested_mask=“wr” denied_mask=“wr” fsuid=0 ouid=0

Comments

madaidan

2019-11-23 15:20:21 UTC

Patrick

2019-11-23 15:38:07 UTC

Patrick

2019-11-23 15:41:34 UTC

madaidan

2019-11-23 15:44:43 UTC