ejabberd and AppArmor

To: "Debian-user@lists.debian.org" <Debian-user@lists.debian.org>
Subject: ejabberd and AppArmor
From: André Rodier <andre@rodier.me>
Date: Sun, 11 Aug 2019 08:00:38 +0100
Message-id: <[🔎] 6bfdf165c35512951a2662282b8236d376a5ee78.camel@rodier.me>

Dear Debian users,

I have my ejabberd running correctly, on Debian Stretch, under an
AppArmor profile.

>From time to time, I have a net_admin capability denied by AppArmor:

> Aug 11 06:54:22 osaka audit[16114]: AVC apparmor="DENIED"
> operation="capable" profile="/usr/sbin/ejabberdctl//su" pid=16114
> comm="su" capability=12  capname="net_admin"

Should this capability be added to the AppArmor profile, and why?

Thanks.
André

Reply to:

Prev by Date: Re: can I install and use Debian (was: August 10, 2019)
Next by Date: Re: installing Debian 10 to 3 hdds as one big system
Previous by thread: Re: revise the /etc/security/limits.conf doesn't take effect for normal user.
Next by thread: Debian 10 "buster" released
Index(es):
- Date
- Thread