Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Apparmor denial for the first time any source submits on Focal #5796

Closed
3 tasks
kushaldas opened this issue Feb 17, 2021 · 1 comment · Fixed by #5805
Closed
3 tasks

Apparmor denial for the first time any source submits on Focal #5796

kushaldas opened this issue Feb 17, 2021 · 1 comment · Fixed by #5805
Assignees
@kushaldas
Labels
release blocker

Comments

@kushaldas
Copy link
Contributor

Description

For a fresh install of SecureDrop on Focal, we can see grsec denial message when a source submits for the first time.

Steps to Reproduce

  • Install SecureDrop on Focal
  • tail -f /var/log/syslog
  • Submit a message as a source

Expected Behavior

  • No errors should show up in the log

Actual Behavior

Feb 17 07:58:49 app kernel: [14594.626357] audit: type=1400 audit(1613548729.520:20): apparmor="DENIED" operation="chmod" profile="/usr/sbin/apache2" name="/var/lib/securedrop/keys/private-keys-v1.d/" pid=2910 comm="gpg-agent" requested_mask="w" denied_mask="w" fsuid=33 ouid=33

Comments

Suggestions to fix, any other relevant information.
@conorsch
Copy link
Contributor

Can confirm, on Qubes Focal staging VMs:

Feb 17 16:02:19 app-staging kernel: [ 9935.264729] audit: type=1400 audit(1613577739.119:20): apparmor="DENIED" operation="chmod" profile="/usr/sbin/apache2" name="/var/lib/securedrop/keys/private-keys-v1.d/" pid=9572 comm="gpg-agent" requested_mask="w" denied_mask="w" fsuid=33 ouid=33

@kushaldas kushaldas self-assigned this Feb 19, 2021
kushaldas added a commit that referenced this issue Feb 19, 2021
@kushaldas
Fixes #5796 updates apparmor rule set for apache2
141253e
@kushaldas kushaldas mentioned this issue Feb 19, 2021
Merged
12 tasks
emkll added a commit that referenced this issue Feb 19, 2021
@emkll
Merge pull request #5805 from freedomofpress/5796-fix-apparmor
c874fb8 
Fixes #5796 updates apparmor rule set for apache2
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kushaldas kushaldas

Labels
release blocker
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fixes #5796 updates apparmor rule set for apache2 freedomofpress/securedrop
3 participants
@eloquence @kushaldas @conorsch