
#1 2021-02-13 12:24:39

lior
Member
Registered: 2021-02-13
Posts: 7

[SOLVED] AppArmor: reading /proc/self/attr/current results in errno 22

Today I tried running

 ps auxZ 

but to my surprise it didn't print the security context of any process.
I checked

 aa-status 

and apparmor was enabled.

After further digging (strace-ing) I found out that trying to read /proc/self/attr/current resulted in errno 22 instead of giving the confinement status of the process.

/proc/self/attr/apparmor/current seems to work fine though.

Python 3.9.1 (default, Feb  6 2021, 06:49:13)
Type 'copyright', 'credits' or 'license' for more information
IPython 7.19.0 -- An enhanced Interactive Python. Type '?' for help.

In [1]: import os

In [2]: x = os.open('/proc/self/attr/current', os.O_RDONLY)

In [3]: os.read(x, 1)
---------------------------------------------------------------------------
OSError                                   Traceback (most recent call last)
<ipython-input-3-2fb020720371> in <module>
----> 1 os.read(x, 1)

OSError: [Errno 22] Invalid argument

In [4]: y = os.open('/proc/self/attr/apparmor/current', os.O_RDONLY)

In [5]: os.read(y, 1)
Out[5]: b'u'

I tried it on linux-hardened (5.10.15.hardened1-1) and linux (5.10.15.arch1-1), they gave me the same result.
When I tried it on linux-lts (5.4.97-1), it worked without any problems.

I guess it's a new bug/change introduced in newer kernels.

Is anyone else getting this?

Last edited by lior (2021-06-05 18:10:40)

Offline

#2 2021-04-13 19:31:31

qurczak
Member
Registered: 2021-04-13
Posts: 2

Re: [SOLVED] AppArmor: reading /proc/self/attr/current results in errno 22

I have the same problem; for example, the command

ps -Z

does not show the loaded profile, and I get the same error for /proc/self/attr/current.

My previous kernel was linux-lts-4.9.263-1 and my current kernel is linux-lts-5.10.26. So something changed in the kernel code between yours (5.4) and (5.10), and for now I cannot localize this.

Offline

#3 2021-06-05 14:39:50

qurczak
Member
Registered: 2021-04-13
Posts: 2

Re: [SOLVED] AppArmor: reading /proc/self/attr/current results in errno 22

SOLVED!

Generally, the apparmor option wasn't first.

More details https://github.com/docker/for-linux/iss … -774541193 and https://wiki.archlinux.org/title/AppArmor#Installation

I've changed options for booting. Old configuration
apparmor=1 security=apparmor

New configuration
apparmor=1 security=apparmor lsm=apparmor,lockdown,yama,bpf

Offline
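
A diagnostic for the symptom in this thread, as an added example that is not part of any post: it reads both attr files the way the first post did and reports whether the boot command line carries an lsm= parameter that starts with apparmor, as in post #3. The function names are made up for this example, and it assumes /proc/cmdline is readable.

```python
import errno
import os

LEGACY = "/proc/self/attr/current"             # path that failed in the thread
SPECIFIC = "/proc/self/attr/apparmor/current"  # path that kept working

def read_attr(path):
    """Return (text, None) on success or (None, errno name) on failure."""
    try:
        fd = os.open(path, os.O_RDONLY)
    except OSError as e:
        return None, errno.errorcode.get(e.errno, str(e.errno))
    try:
        return os.read(fd, 4096).decode(errors="replace").strip("\n\x00"), None
    except OSError as e:
        return None, errno.errorcode.get(e.errno, str(e.errno))
    finally:
        os.close(fd)

def lsm_param(cmdline):
    """Return the lsm= list from a kernel command line, or None if absent."""
    found = None
    for token in cmdline.split():
        if token.startswith("lsm="):
            found = token[len("lsm="):].split(",")
    return found

def diagnose(cmdline, legacy, specific):
    """Classify one host from its command line and the two read results."""
    if legacy[1] is None:
        return "ok"
    # The thread's symptom: legacy path gives EINVAL, AppArmor path still reads.
    if legacy[1] == "EINVAL" and specific[1] is None:
        order = lsm_param(cmdline)
        if order is None:
            return "symptom: no lsm= parameter"
        if order[0] != "apparmor":
            return "symptom: apparmor not first in lsm="
        return "symptom: lsm= already starts with apparmor"
    return "other: legacy read failed with " + legacy[1]

if __name__ == "__main__":
    with open("/proc/cmdline") as f:
        cmdline = f.read()
    print(diagnose(cmdline, read_attr(LEGACY), read_attr(SPECIFIC)))
```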

#4 2021-06-05 18:09:44

lior
Member
Registered: 2021-02-13
Posts: 7

Re: [SOLVED] AppArmor: reading /proc/self/attr/current results in errno 22

That did the trick! Thank you!

Offline

#5 2022-04-17 02:37:28

markc
Member
From: Gold Coast, Australia
Registered: 2007-05-15
Posts: 502
Website

Re: [SOLVED] AppArmor: reading /proc/self/attr/current results in errno 22

Just want to say thank you. I have spent a couple of hours searching for a solution to this problem (the snap LXD would not start in my case) and this solved it, so it's still a relevant issue 12 months later.

Offline
