Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Bug#1030153: journald floods itself with apparmor warnings

68 views
Skip to first unread message

Antoine Beaupre

unread,
Jan 31, 2023, 12:10:05 PM1/31/23
to
Package: apparmor
Version: 3.0.8-2
Severity: important

I'm not sure where to lay the blame here, but I can't really use
journalctl since the bookworm upgrade here anymore.


anarcat@marcos:~$ journalctl -n 10| tail -10
jan 31 11:56:02 marcos audit[2208193]: AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/screen//null-/usr/bin/bash//null-/usr/bin/journalctl" name="/var/log/journal/3840589866da411b178e07aa0000001d/user...@3109a3dba85e4c67820c02b55f829e1e-000000000d34f9da-0005f3830e701d7e.journal" pid=2208193 comm="journalctl" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
jan 31 11:56:02 marcos audit[2208193]: AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/screen//null-/usr/bin/bash//null-/usr/bin/journalctl" name="/var/log/journal/3840589866da411b178e07aa0000001d/user...@52cb1b4160de4973b22b9d1e879ceafe-000000000d1c3822-0005f36d67b663da.journal" pid=2208193 comm="journalctl" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
jan 31 11:56:02 marcos audit[2208193]: AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/screen//null-/usr/bin/bash//null-/usr/bin/journalctl" name="/var/log/journal/3840589866da411b178e07aa0000001d/sys...@c4b260b6361649e1819ca8a888938e1d-000000000d3d0d11-0005f391218d8df8.journal" pid=2208193 comm="journalctl" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
jan 31 11:56:02 marcos audit[2208193]: AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/screen//null-/usr/bin/bash//null-/usr/bin/journalctl" name="/var/log/journal/3840589866da411b178e07aa0000001d/user...@3109a3dba85e4c67820c02b55f829e1e-000000000d1c23b4-0005f36d51aba5d8.journal" pid=2208193 comm="journalctl" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
jan 31 11:56:02 marcos audit[2208193]: AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/screen//null-/usr/bin/bash//null-/usr/bin/journalctl" name="/var/log/journal/3840589866da411b178e07aa0000001d/user...@a38efa23684347ef9b31acdaaf262dd8-000000000d2d8e5d-0005f37ebe1948bb.journal" pid=2208193 comm="journalctl" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
jan 31 11:56:02 marcos audit[2208193]: AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/screen//null-/usr/bin/bash//null-/usr/bin/journalctl" name="/var/log/journal/3840589866da411b178e07aa0000001d/user-1046.journal" pid=2208193 comm="journalctl" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
jan 31 11:56:02 marcos audit[2208193]: AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/screen//null-/usr/bin/bash//null-/usr/bin/journalctl" name="/var/log/journal/3840589866da411b178e07aa0000001d/user...@783a473ea10e4ba8b524e790c32932d9-000000000d379eb3-0005f389ebe36e8a.journal" pid=2208193 comm="journalctl" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
jan 31 11:56:02 marcos audit[2208193]: AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/screen//null-/usr/bin/bash//null-/usr/bin/journalctl" name="/var/log/journal/3840589866da411b178e07aa0000001d/user...@a38efa23684347ef9b31acdaaf262dd8-000000000d24946f-0005f37de770b945.journal" pid=2208193 comm="journalctl" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
jan 31 11:56:02 marcos audit[2208193]: AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/screen//null-/usr/bin/bash//null-/usr/bin/journalctl" name="/var/log/journal/3840589866da411b178e07aa0000001d/user...@783a473ea10e4ba8b524e790c32932d9-000000000d38d511-0005f38e27865a08.journal" pid=2208193 comm="journalctl" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
jan 31 11:56:02 marcos audit[2208193]: AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/screen//null-/usr/bin/bash//null-/usr/bin/journalctl" name="/var/log/journal/3840589866da411b178e07aa0000001d/sys...@c4b260b6361649e1819ca8a888938e1d-000000000d3a15fc-0005f390ce56bd38.journal" pid=2208193 comm="journalctl" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

I'm not sure it's journalctl that's at fault here, but I can't really
use it at all anymore. I am not sure either if it's journald triggering
this, or journalctl, but I regularly get this error in dmesg:

[jan31 11:53] systemd-journald[1071826]: Data hash table of /var/log/journal/3840589866da411b178e07aa0000001d/system.journal has a fill level at 75.0 (174765 of 233016 items, 67108864 file size, 383 bytes per hash table item), suggesting rotation.
[ +0,023450] systemd-journald[1071826]: /var/log/journal/3840589866da411b178e07aa0000001d/system.journal: Journal header limits reached or header out-of-date, rotating.

Anyone else seeing this? What's up with that "profile" line anyways?

-- System Information:
Debian Release: bookworm/sid
APT prefers testing-debug
APT policy: (500, 'testing-debug'), (500, 'testing'), (1, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-1-amd64 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages apparmor depends on:
ii debconf [debconf-2.0] 1.5.82
ii libc6 2.36-8

apparmor recommends no packages.

Versions of packages apparmor suggests:
ii apparmor-profiles-extra 1.35
ii apparmor-utils 3.0.8-2

-- debconf information:
apparmor/homedirs:

Antoine Beaupré

unread,
Jan 31, 2023, 1:30:04 PM1/31/23
to
so something is happening with apparmor here. it looks like profile are
"piling up" in some way, with something like this:

/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/50uncommitted-changes//null-/usr/bin/etckeeper//null-/usr/bin/perl

i have hundreds of such aa profiles piled up, and i have *just*
rebooted. so this may not just be a problem with journalctl but a more
general problem with my apparmor configuration...

here's the output of aa-status:

anarcat@marcos:apparmor.d[4]$ sudo aa-status
apparmor module is loaded.
436 profiles are loaded.
25 profiles are in enforce mode.
/usr/bin/freshclam
/usr/bin/man
/usr/bin/pidgin
/usr/bin/pidgin//sanitized_helper
/usr/bin/totem
/usr/bin/totem-audio-preview
/usr/bin/totem-video-thumbnailer
/usr/bin/totem//sanitized_helper
/usr/lib/NetworkManager/nm-dhcp-client.action
/usr/lib/NetworkManager/nm-dhcp-helper
/usr/lib/connman/scripts/dhclient-script
/usr/sbin/chronyd
/{,usr/}sbin/dhclient
apt-cacher-ng
docker-default
libvirtd
libvirtd//qemu_bridge_helper
lsb_release
man_filter
man_groff
nvidia_modprobe
nvidia_modprobe//kmod
system_tor
unbound
virt-aa-helper
411 profiles are in complain mode.
/bin/netstat
/etc/cron.daily/logrotate
/etc/cron.daily/slocate.cron
/etc/cron.daily/tmpwatch
/sbin/dhcpcd
/sbin/portmap
/sbin/resmgrd
/sbin/rpc.lockd
/sbin/rpc.statd
/usr/NX/bin/nxclient
/usr/X11R6/bin/acroread
/usr/bin/apropos
/usr/bin/evolution-2.10
/usr/bin/fam
/usr/bin/gaim
/usr/bin/irssi
/usr/bin/mlmmj-bounce
/usr/bin/mlmmj-maintd
/usr/bin/mlmmj-make-ml.sh
/usr/bin/mlmmj-process
/usr/bin/mlmmj-recieve
/usr/bin/mlmmj-send
/usr/bin/mlmmj-sub
/usr/bin/mlmmj-unsub
/usr/bin/opera
/usr/bin/passwd
/usr/bin/procmail
/usr/bin/skype
/usr/bin/spamc
/usr/bin/svnserve
/usr/bin/wireshark
/usr/bin/xfs
/usr/lib/GConf/2/gconfd-2
/usr/lib/RealPlayer10/realplay
/usr/lib/bonobo/bonobo-activation-server
/usr/lib/evolution-data-server/evolution-data-server-1.10
/usr/lib/firefox/firefox.sh
/usr/lib/firefox/mozilla-xremote-client
/usr/lib/firefox{,-[0-9]*}/firefox{,*[^s][^h]}
/usr/lib/postfix/anvil
/usr/lib/postfix/bounce
/usr/lib/postfix/cleanup
/usr/lib/postfix/discard
/usr/lib/postfix/error
/usr/lib/postfix/flush
/usr/lib/postfix/lmtp
/usr/lib/postfix/local
/usr/lib/postfix/master
/usr/lib/postfix/nqmgr
/usr/lib/postfix/oqmgr
/usr/lib/postfix/pickup
/usr/lib/postfix/pipe
/usr/lib/postfix/proxymap
/usr/lib/postfix/qmgr
/usr/lib/postfix/qmqpd
/usr/lib/postfix/scache
/usr/lib/postfix/showq
/usr/lib/postfix/smtp
/usr/lib/postfix/smtpd
/usr/lib/postfix/spawn
/usr/lib/postfix/tlsmgr
/usr/lib/postfix/trivial-rewrite
/usr/lib/postfix/verify
/usr/lib/postfix/virtual
/usr/lib64/GConf/2/gconfd-2
/usr/sbin/dhcpd
/usr/sbin/httpd2-prefork
/usr/sbin/httpd2-prefork//DEFAULT_URI
/usr/sbin/httpd2-prefork//HANDLING_UNTRUSTED_INPUT
/usr/sbin/imapd
/usr/sbin/in.fingerd
/usr/sbin/in.ftpd
/usr/sbin/in.ntalkd
/usr/sbin/ipop2d
/usr/sbin/ipop3d
/usr/sbin/lighttpd
/usr/sbin/oidentd
/usr/sbin/popper
/usr/sbin/postalias
/usr/sbin/postdrop
/usr/sbin/postmap
/usr/sbin/postqueue
/usr/sbin/sendmail
/usr/sbin/sendmail.postfix
/usr/sbin/sendmail.sendmail
/usr/sbin/spamd
/usr/sbin/spamd//null-/usr/bin/pwd
/usr/sbin/spamd//null-/usr/bin/pyzor
/usr/sbin/squid
/usr/sbin/sshd
/usr/sbin/sshd//AUTHENTICATED
/usr/sbin/sshd//EXEC
/usr/sbin/sshd//PRIVSEP
/usr/sbin/sshd//PRIVSEP_MONITOR
/usr/sbin/sshd//null-/usr/bin/bash
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/apt
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/apt-cache
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/apt-cache//null-/usr/bin/dpkg
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/apt-file
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/apt-file//null-/usr/bin/apt-get
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/apt-file//null-/usr/bin/apt-get//null-/usr/bin/dpkg
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/apt-file//null-/usr/bin/grep
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/apt-file//null-/usr/bin/xargs
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/apt-file//null-/usr/bin/xargs//null-/usr/lib/apt/apt-helper
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/apt//null-/usr/bin/dpkg
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/cat
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/cksum
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/cut
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/dircolors
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/dpkg
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/dpkg//null-/usr/bin/dpkg-query
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/dpkg//null-/usr/bin/dpkg-query//null-/usr/bin/dash
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/dpkg//null-/usr/bin/dpkg-query//null-/usr/bin/dash//null-/usr/bin/less
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/grep
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/hostname
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/id
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/journalctl
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/less
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/ls
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sed
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt-mark
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt-mark//null-/usr/bin/dpkg
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/apt-listchanges
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/apt-listchanges//null-/usr/bin/dash
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/apt-listchanges//null-/usr/bin/dash//null-/usr/bin/dpkg-deb
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/apt-listchanges//null-/usr/bin/dash//null-/usr/bin/hostname
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/apt-listchanges//null-/usr/bin/dash//null-/usr/bin/tar
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/apt-listchanges//null-/usr/bin/dpkg-deb
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/apt-listchanges//null-/usr/bin/dpkg-deb//null-/usr/bin/rm
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/apt-listchanges//null-/usr/bin/dpkg-deb//null-/usr/bin/tar
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/apt-listchanges//null-/usr/sbin/sendmail
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/apt-listchanges//null-/usr/sbin/sendmail//null-/usr/sbin/postdrop
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/egrep
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/egrep//null-/usr/bin/grep
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/cat
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/cut
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/diff
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/10vcs-test
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/30bzr-add
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/30darcs-add
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/30git-add
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/30git-add//null-/usr/bin/git
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/30git-add//null-/usr/bin/git//null-/usr/lib/git-core/git
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/30hg-addremove
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/cat
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/cut
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/getent
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/git
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/git//null-/etc/.git/hooks/pre-commit
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/git//null-/etc/.git/hooks/pre-commit//null-/usr/bin/etckeeper
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/git//null-/etc/.git/hooks/pre-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-commit.d/20warn-problem-files
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/git//null-/etc/.git/hooks/pre-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-commit.d/20warn-problem-files//null-/usr/bin/find
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/git//null-/etc/.git/hooks/pre-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-commit.d/20warn-problem-files//null-/usr/bin/find//null-/usr/lib/git-core/git
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/git//null-/etc/.git/hooks/pre-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-commit.d/20warn-problem-files//null-/usr/bin/grep
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/git//null-/etc/.git/hooks/pre-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-commit.d/30store-metadata
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/git//null-/etc/.git/hooks/pre-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-commit.d/30store-metadata//null-/usr/bin/chmod
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/git//null-/etc/.git/hooks/pre-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-commit.d/30store-metadata//null-/usr/bin/perl
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/git//null-/etc/.git/hooks/pre-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-commit.d/30store-metadata//null-/usr/bin/sed
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/git//null-/etc/.git/hooks/pre-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-commit.d/30store-metadata//null-/usr/bin/sort
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/git//null-/etc/.git/hooks/pre-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-commit.d/30store-metadata//null-/usr/lib/git-core/git
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/git//null-/etc/.git/hooks/pre-commit//null-/usr/bin/etckeeper//null-/usr/bin/grep
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/git//null-/etc/.git/hooks/pre-commit//null-/usr/bin/etckeeper//null-/usr/bin/perl
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/git//null-/etc/etckeeper/init.d/20restore-etckeeper
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/git//null-/etc/etckeeper/init.d/20restore-etckeeper//null-/usr/bin/chgrp
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/git//null-/etc/etckeeper/init.d/20restore-etckeeper//null-/usr/bin/chmod
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/git//null-/etc/etckeeper/init.d/20restore-etckeeper//null-/usr/bin/chown
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/git//null-/etc/etckeeper/init.d/20restore-etckeeper//null-/usr/bin/mkdir
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/git//null-/usr/lib/git-core/git
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/hostname
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/mktemp
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/rm
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/whoami
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/99push
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/list-installed.d/50list-installed
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/list-installed.d/50list-installed//null-/usr/bin/cut
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/list-installed.d/50list-installed//null-/usr/bin/dpkg-query
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/list-installed.d/50list-installed//null-/usr/bin/grep
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-commit.d/30store-metadata
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-commit.d/30store-metadata//null-/usr/bin/chmod
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-commit.d/30store-metadata//null-/usr/bin/git
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-commit.d/30store-metadata//null-/usr/bin/perl
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-commit.d/30store-metadata//null-/usr/bin/sed
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-commit.d/30store-metadata//null-/usr/bin/sort
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/unclean.d/50test
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/unclean.d/50test//null-/usr/bin/git
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/unclean.d/50test//null-/usr/bin/git//null-/usr/lib/git-core/git
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/usr/bin/grep
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/etckeeper//null-/usr/bin/perl
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/git
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/git//null-/usr/lib/git-core/git
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/grep
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/ps
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/rm
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/sed
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/sort
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/tail
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/uniq
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/xargs
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/xargs//null-/usr/bin/dpkg
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/post-install.d/50vcs-commit//null-/usr/bin/xargs//null-/usr/bin/dpkg//null-/usr/bin/dpkg-query
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/10packagelist
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/10packagelist//null-/usr/bin/etckeeper
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/10packagelist//null-/usr/bin/etckeeper//null-/etc/etckeeper/list-installed.d/50list-installed
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/10packagelist//null-/usr/bin/etckeeper//null-/etc/etckeeper/list-installed.d/50list-installed//null-/usr/bin/cut
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/10packagelist//null-/usr/bin/etckeeper//null-/etc/etckeeper/list-installed.d/50list-installed//null-/usr/bin/dpkg-query
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/10packagelist//null-/usr/bin/etckeeper//null-/etc/etckeeper/list-installed.d/50list-installed//null-/usr/bin/grep
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/10packagelist//null-/usr/bin/etckeeper//null-/usr/bin/grep
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/10packagelist//null-/usr/bin/etckeeper//null-/usr/bin/perl
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/10packagelist//null-/usr/bin/mkdir
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/50uncommitted-changes
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/50uncommitted-changes//null-/usr/bin/etckeeper
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/50uncommitted-changes//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/10vcs-test
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/50uncommitted-changes//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/30bzr-add
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/50uncommitted-changes//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/30darcs-add
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/50uncommitted-changes//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/30git-add
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/50uncommitted-changes//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/30git-add//null-/usr/bin/git
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/50uncommitted-changes//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/30git-add//null-/usr/bin/git//null-/usr/lib/git-core/git
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/50uncommitted-changes//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/30hg-addremove
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/50uncommitted-changes//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/50uncommitted-changes//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/cut
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/50uncommitted-changes//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/getent
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/50uncommitted-changes//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/git
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/50uncommitted-changes//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/git//null-/etc/.git/hooks/pre-commit
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/50uncommitted-changes//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/git//null-/etc/.git/hooks/pre-commit//null-/usr/bin/etckeeper
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/50uncommitted-changes//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/git//null-/etc/.git/hooks/pre-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-commit.d/20warn-problem-files
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/50uncommitted-changes//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/git//null-/etc/.git/hooks/pre-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-commit.d/20warn-problem-files//null-/usr/bin/find
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/50uncommitted-changes//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/git//null-/etc/.git/hooks/pre-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-commit.d/20warn-problem-files//null-/usr/bin/find//null-/usr/lib/git-core/git
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/50uncommitted-changes//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/git//null-/etc/.git/hooks/pre-commit//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-commit.d/20warn-problem-files//null-/usr/bin/grep
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/50uncommitted-changes//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/git//null-/etc/.git/hooks/pre-commit//null-/usr/bin/etckeeper//null-/usr/bin/grep
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/50uncommitted-changes//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/git//null-/etc/.git/hooks/pre-commit//null-/usr/bin/etckeeper//null-/usr/bin/perl
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/50uncommitted-changes//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/git//null-/etc/etckeeper/init.d/20restore-etckeeper
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/50uncommitted-changes//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/git//null-/etc/etckeeper/init.d/20restore-etckeeper//null-/usr/bin/chgrp
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/50uncommitted-changes//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/git//null-/etc/etckeeper/init.d/20restore-etckeeper//null-/usr/bin/chmod
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/50uncommitted-changes//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/git//null-/etc/etckeeper/init.d/20restore-etckeeper//null-/usr/bin/chown
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/50uncommitted-changes//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/git//null-/etc/etckeeper/init.d/20restore-etckeeper//null-/usr/bin/mkdir
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/50uncommitted-changes//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/git//null-/usr/lib/git-core/git
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/50uncommitted-changes//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/hostname
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/50uncommitted-changes//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/mktemp
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/50uncommitted-changes//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/rm
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/50uncommitted-changes//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/sed
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/50uncommitted-changes//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/50vcs-commit//null-/usr/bin/whoami
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/50uncommitted-changes//null-/usr/bin/etckeeper//null-/etc/etckeeper/commit.d/99push
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/50uncommitted-changes//null-/usr/bin/etckeeper//null-/etc/etckeeper/unclean.d/50test
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/50uncommitted-changes//null-/usr/bin/etckeeper//null-/etc/etckeeper/unclean.d/50test//null-/usr/bin/git
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/50uncommitted-changes//null-/usr/bin/etckeeper//null-/etc/etckeeper/unclean.d/50test//null-/usr/bin/git//null-/usr/lib/git-core/git
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/50uncommitted-changes//null-/usr/bin/etckeeper//null-/usr/bin/grep
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/pre-install.d/50uncommitted-changes//null-/usr/bin/etckeeper//null-/usr/bin/perl
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/usr/bin/grep
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/usr/bin/perl
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/bin/ps
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/lib/needrestart/apt-pinvoke
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/lib/needrestart/apt-pinvoke//null-/usr/bin/dbus-send
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/lib/needrestart/apt-pinvoke//null-/usr/bin/rm
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/lib/needrestart/apt-pinvoke//null-/usr/sbin/needrestart
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/lib/needrestart/apt-pinvoke//null-/usr/sbin/needrestart//null-/usr/bin/who
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/lib/needrestart/apt-pinvoke//null-/usr/sbin/needrestart//null-/usr/share/debconf/frontend
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/lib/needrestart/apt-pinvoke//null-/usr/sbin/needrestart//null-/usr/share/debconf/frontend//null-/usr/bin/dash
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/lib/needrestart/apt-pinvoke//null-/usr/sbin/needrestart//null-/usr/share/debconf/frontend//null-/usr/bin/dash//null-/usr/bin/stty
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/lib/needrestart/apt-pinvoke//null-/usr/sbin/needrestart//null-/usr/share/debconf/frontend//null-/usr/bin/dash//null-/usr/bin/whiptail
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/lib/needrestart/apt-pinvoke//null-/usr/sbin/needrestart//null-/usr/share/debconf/frontend//null-/usr/bin/locale
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/lib/needrestart/apt-pinvoke//null-/usr/sbin/needrestart//null-/usr/share/debconf/frontend//null-/usr/sbin/needrestart
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/lib/needrestart/apt-pinvoke//null-/usr/sbin/needrestart//null-/usr/share/debconf/frontend//null-/usr/sbin/needrestart//null-/usr/bin/python3.11
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/lib/needrestart/apt-pinvoke//null-/usr/sbin/needrestart//null-/usr/share/debconf/frontend//null-/usr/sbin/needrestart//null-/usr/bin/who
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/lib/needrestart/apt-pinvoke//null-/usr/sbin/needrestart//null-/usr/share/debconf/frontend//null-/usr/sbin/needrestart//null-/usr/lib/needrestart/iucode-scan-versions
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/lib/needrestart/apt-pinvoke//null-/usr/sbin/needrestart//null-/usr/share/debconf/frontend//null-/usr/sbin/needrestart//null-/usr/lib/needrestart/iucode-scan-versions//null-/usr/bin/cat
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/lib/needrestart/apt-pinvoke//null-/usr/sbin/needrestart//null-/usr/share/debconf/frontend//null-/usr/sbin/needrestart//null-/usr/lib/needrestart/iucode-scan-versions//null-/usr/bin/grep
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/sbin/dpkg-preconfigure
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/sbin/dpkg-preconfigure//null-/usr/bin/apt-extracttemplates
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/sbin/dpkg-preconfigure//null-/usr/bin/apt-extracttemplates//null-/usr/bin/dpkg
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/sbin/dpkg-preconfigure//null-/usr/bin/dash
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/sbin/dpkg-preconfigure//null-/usr/bin/dash//null-/usr/bin/stty
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/sbin/dpkg-preconfigure//null-/usr/bin/dash//null-/usr/bin/whiptail
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/sbin/dpkg-preconfigure//null-/usr/bin/locale
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/sbin/localepurge
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/sbin/localepurge//null-/usr/bin/fgrep
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dash//null-/usr/sbin/localepurge//null-/usr/bin/fgrep//null-/usr/bin/grep
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/usr/bin/dash
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/usr/bin/dash//null-/usr/lib/needrestart/dpkg-status
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/usr/bin/dash//null-/usr/lib/needrestart/dpkg-status//null-/usr/bin/mkdir
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/usr/bin/dash//null-/usr/lib/needrestart/dpkg-status//null-/usr/bin/touch
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/usr/bin/dpkg-deb
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/usr/bin/dpkg-deb//null-/usr/bin/tar
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/usr/bin/dpkg-split
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/usr/bin/rm
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/auditd.postrm
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/auditd.postrm//null-/usr/bin/chmod
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/auditd.postrm//null-/usr/bin/deb-systemd-helper
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/auditd.postrm//null-/usr/bin/deb-systemd-helper//null-/usr/bin/systemctl
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/auditd.postrm//null-/usr/bin/dpkg-maintscript-helper
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/auditd.postrm//null-/usr/bin/dpkg-maintscript-helper//null-/usr/bin/basename
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/auditd.postrm//null-/usr/bin/dpkg-maintscript-helper//null-/usr/bin/dpkg
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/auditd.postrm//null-/usr/bin/dpkg-maintscript-helper//null-/usr/bin/rm
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/auditd.postrm//null-/usr/bin/rm
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/auditd.postrm//null-/usr/bin/systemctl
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/auditd.postrm//null-/usr/sbin/update-rc.d
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/auditd.postrm//null-/usr/sbin/update-rc.d//null-/usr/bin/systemctl
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/auditd.postrm//null-/usr/sbin/update-rc.d//null-/usr/sbin/insserv
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/auditd.prerm
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/auditd.prerm//null-/usr/bin/deb-systemd-invoke
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/auditd.prerm//null-/usr/bin/deb-systemd-invoke//null-/usr/bin/systemctl
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/auditd.prerm//null-/usr/bin/deb-systemd-invoke//null-/usr/bin/systemctl//null-/usr/bin/systemd-tty-ask-password-agent
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/auditd.prerm//null-/usr/bin/dpkg-maintscript-helper
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/auditd.prerm//null-/usr/bin/dpkg-maintscript-helper//null-/usr/bin/basename
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/auditd.prerm//null-/usr/bin/dpkg-maintscript-helper//null-/usr/bin/dpkg
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/auditd.prerm//null-/usr/sbin/invoke-rc.d
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/auditd.prerm//null-/usr/sbin/invoke-rc.d//null-/usr/bin/systemctl
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/ca-certificates-java.postinst
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/ca-certificates-java.postinst//null-/usr/bin/dpkg
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/ca-certificates-java.postinst//null-/usr/bin/rm
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/ca-certificates-java.postinst//null-/usr/bin/which.debianutils
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/libc-bin.postinst
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/libc-bin.postinst//null-/usr/sbin/ldconfig
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/man-db.postinst
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/man-db.postinst//null-/usr/bin/setpriv
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/man-db.postinst//null-/usr/bin/setpriv//null-/usr/bin/mandb
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/openjdk-17-jdk-headless:amd64.prerm
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/openjdk-17-jdk-headless:amd64.prerm//null-/usr/bin/update-alternatives
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/openjdk-17-jdk:amd64.prerm
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/openjdk-17-jdk:amd64.prerm//null-/usr/bin/update-alternatives
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/puppetserver.postinst
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/puppetserver.postinst//null-/usr/bin/deb-systemd-helper
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/puppetserver.postinst//null-/usr/bin/deb-systemd-invoke
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/puppetserver.postinst//null-/usr/bin/deb-systemd-invoke//null-/usr/bin/dash
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/puppetserver.postinst//null-/usr/bin/deb-systemd-invoke//null-/usr/bin/dash//null-/usr/bin/systemctl
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/puppetserver.postinst//null-/usr/bin/deb-systemd-invoke//null-/usr/bin/systemctl
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/puppetserver.postinst//null-/usr/bin/deb-systemd-invoke//null-/usr/bin/systemctl//null-/usr/bin/systemd-tty-ask-password-agent
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/puppetserver.postinst//null-/usr/bin/dpkg-statoverride
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/puppetserver.postinst//null-/usr/bin/systemctl
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/puppetserver.postrm
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/puppetserver.prerm
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/python3-lxml:amd64.postinst
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/python3-lxml:amd64.postinst//null-/usr/bin/py3compile
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/python3-lxml:amd64.postinst//null-/usr/bin/py3compile//null-/usr/bin/dash
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/python3-lxml:amd64.postinst//null-/usr/bin/py3compile//null-/usr/bin/dash//null-/usr/bin/dpkg
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/python3-lxml:amd64.postinst//null-/usr/bin/py3compile//null-/usr/bin/dash//null-/usr/bin/dpkg//null-/usr/bin/dpkg-query
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/python3-lxml:amd64.postinst//null-/usr/bin/py3compile//null-/usr/bin/dash//null-/usr/bin/python3.11
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/python3-lxml:amd64.prerm
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/python3-lxml:amd64.prerm//null-/usr/bin/py3clean
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/python3-lxml:amd64.prerm//null-/usr/bin/py3clean//null-/usr/bin/dash
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/python3-lxml:amd64.prerm//null-/usr/bin/py3clean//null-/usr/bin/dash//null-/usr/bin/dpkg
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/python3-lxml:amd64.prerm//null-/usr/bin/py3clean//null-/usr/bin/dash//null-/usr/bin/dpkg//null-/usr/bin/dpkg-query
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/python3-yaml.postinst
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/python3-yaml.postinst//null-/usr/bin/py3compile
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/python3-yaml.postinst//null-/usr/bin/py3compile//null-/usr/bin/dash
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/python3-yaml.postinst//null-/usr/bin/py3compile//null-/usr/bin/dash//null-/usr/bin/dpkg
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/python3-yaml.postinst//null-/usr/bin/py3compile//null-/usr/bin/dash//null-/usr/bin/dpkg//null-/usr/bin/dpkg-query
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/python3-yaml.postinst//null-/usr/bin/py3compile//null-/usr/bin/dash//null-/usr/bin/python3.11
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/python3-yaml.prerm
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/python3-yaml.prerm//null-/usr/bin/py3clean
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/python3-yaml.prerm//null-/usr/bin/py3clean//null-/usr/bin/dash
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/python3-yaml.prerm//null-/usr/bin/py3clean//null-/usr/bin/dash//null-/usr/bin/dpkg
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/bin/dpkg//null-/var/lib/dpkg/info/python3-yaml.prerm//null-/usr/bin/py3clean//null-/usr/bin/dash//null-/usr/bin/dpkg//null-/usr/bin/dpkg-query
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/apt//null-/usr/lib/apt/methods/http
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/ikisite
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/sbin/aa-status
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/sbin/auditctl
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/systemctl
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/systemctl//null-/usr/bin/less
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/tput
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/tty
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/which.debianutils
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/whoami
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/games/fortune
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/lib/dovecot/imap
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/lib/dovecot/imap//null-/usr/bin/doveconf
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/lib/dovecot/imap//null-/usr/bin/doveconf//null-/usr/lib/dovecot/imap
/usr/sbin/sshd//null-/usr/bin/bash//null-/usr/sbin/aa-status
/usr/sbin/sshd//null-/usr/bin/dash
/usr/sbin/sshd//null-/usr/bin/dash//null-/usr/bin/env
/usr/sbin/sshd//null-/usr/bin/dash//null-/usr/bin/env//null-/usr/bin/run-parts
/usr/sbin/sshd//null-/usr/bin/dash//null-/usr/bin/env//null-/usr/bin/run-parts//null-/etc/update-motd.d/10-uname
/usr/sbin/sshd//null-/usr/bin/dash//null-/usr/bin/env//null-/usr/bin/run-parts//null-/etc/update-motd.d/10-uname//null-/usr/bin/uname
/usr/sbin/sshd//null-/usr/bin/dash//null-/usr/bin/env//null-/usr/bin/run-parts//null-/etc/update-motd.d/92-unattended-upgrades
/usr/sbin/sshd//null-/usr/bin/dash//null-/usr/bin/env//null-/usr/bin/run-parts//null-/etc/update-motd.d/92-unattended-upgrades//null-/usr/share/unattended-upgrades/update-motd-unattended-upgrades
/usr/sbin/sshd//null-/usr/bin/dash//null-/usr/local/bin/mosh-ssh-wrapper
/usr/sbin/sshd//null-/usr/bin/dash//null-/usr/local/bin/mosh-ssh-wrapper//null-/usr/bin/mosh-server
/usr/sbin/sshd//null-/usr/bin/dash//null-/usr/local/bin/mosh-ssh-wrapper//null-/usr/bin/mosh-server//null-/usr/bin/dtach
/usr/sbin/sshd//null-/usr/bin/dash//null-/usr/local/bin/mosh-ssh-wrapper//null-/usr/bin/mosh-server//null-/usr/lib/x86_64-linux-gnu/utempter/utempter
/usr/sbin/useradd
/usr/sbin/userdel
/usr/sbin/vsftpd
/usr/sbin/xinetd
avahi-daemon
dnsmasq
dnsmasq//libvirt_leaseshelper
identd
klogd
mdnsd
nmbd
nscd
php-fpm
ping
samba-bgqd
samba-dcerpcd
samba-rpcd
samba-rpcd-classic
samba-rpcd-spoolss
smbd
smbldap-useradd
smbldap-useradd///etc/init.d/nscd
syslog-ng
syslogd
traceroute
0 profiles are in kill mode.
0 profiles are in unconfined mode.
18 processes have profiles defined.
5 processes are in enforce mode.
/usr/bin/freshclam (2510)
/usr/sbin/chronyd (2642)
/usr/sbin/chronyd (2663)
/usr/bin/tor (2864) system_tor
/usr/sbin/unbound (2621) unbound
13 processes are in complain mode.
/usr/bin/irssi (2634)
/usr/bin/perl (2525) /usr/sbin/spamd
/usr/bin/perl (5556) /usr/sbin/spamd
/usr/bin/perl (5558) /usr/sbin/spamd
/usr/sbin/sshd (2605)
/usr/sbin/sshd (6276)
/usr/sbin/sshd (6302)
/usr/bin/bash (6303) /usr/sbin/sshd//null-/usr/bin/bash
/usr/bin/sudo (12931) /usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo
/usr/bin/sudo (12932) /usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo
/usr/sbin/aa-status (12933) /usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/sbin/aa-status
/usr/bin/mosh-server (6087) /usr/sbin/sshd//null-/usr/bin/dash//null-/usr/local/bin/mosh-ssh-wrapper//null-/usr/bin/mosh-server
/usr/bin/dtach (6088) /usr/sbin/sshd//null-/usr/bin/dash//null-/usr/local/bin/mosh-ssh-wrapper//null-/usr/bin/mosh-server//null-/usr/bin/dtach
0 processes are unconfined but have a profile defined.
0 processes are in mixed mode.
0 processes are in kill mode.

--
When machines and computers, profit motives and property rights are
considered more important than people, the giant triplets of racism,
extreme materialism and militarism are incapable of being conquered.
— Dr. Martin Luther King

Antoine Beaupré

unread,
Jan 31, 2023, 2:30:04 PM1/31/23
to
Control: reassign -1 apparmor-profiles-extra

I ended up working around this problem by purging the
apparmor-profiles-extra package and rebooting a bunch of times.

So I don't think this is apparmor per so, it could be *some* -extra
profiles that's breaking things...

a.
--
I'm no longer accepting the things I cannot change.
I'm changing the things I cannot accept.
- Angela Davis

Christian Boltz

unread,
Jan 31, 2023, 6:12:45 PM1/31/23
to
Hello,

Am Dienstag, 31. Januar 2023, 19:20:38 CET schrieb Antoine Beaupré:
> so something is happening with apparmor here. it looks like profile
> are "piling up" in some way, with something like this:
>
> /usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/
> apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/
> pre-install.d/50uncommitted-changes//null-/usr/bin/etckeeper//null-/us
> r/bin/perl

That means sshd executed /usr/bin/bash (without having an execute rule),
and bash executed /usr/bin/sudo, which executed /usr/bin/apt, and so on.

I'm somewhat surprised about that because the upstream profile for sshd
has the following rule since Dec 3 2016 :

/{usr/,}bin/bash Uxr,

This rule should allow to execute /bin/bash and /usr/bin/bash in
unconfined mode (= without AppArmor restrictions) - and therefore should
also avoid the long chain you see.

However, your log looks like your profile does not allow executing
/usr/bin/bash.

Now I wonder - does your sshd profile lack this line/rule?
(If in doubt, please attach the complete profile.)


Regards,

Christian Boltz
--
But you are probably also complaining if local root exploits in the
kernel are fixed, because now you no longer can use that to become root
easily... [Stefan Seyfried in opensuse-factory]

signature.asc

Antoine Beaupré

unread,
Feb 1, 2023, 10:10:05 AM2/1/23
to
On 2023-01-31 23:57:04, Christian Boltz wrote:
> Hello,
>
> Am Dienstag, 31. Januar 2023, 19:20:38 CET schrieb Antoine Beaupré:
>> so something is happening with apparmor here. it looks like profile
>> are "piling up" in some way, with something like this:
>>
>> /usr/sbin/sshd//null-/usr/bin/bash//null-/usr/bin/sudo//null-/usr/bin/
>> apt//null-/usr/bin/dash//null-/usr/bin/etckeeper//null-/etc/etckeeper/
>> pre-install.d/50uncommitted-changes//null-/usr/bin/etckeeper//null-/us
>> r/bin/perl
>
> That means sshd executed /usr/bin/bash (without having an execute rule),
> and bash executed /usr/bin/sudo, which executed /usr/bin/apt, and so on.
>
> I'm somewhat surprised about that because the upstream profile for sshd
> has the following rule since Dec 3 2016 :
>
> /{usr/,}bin/bash Uxr,
>
> This rule should allow to execute /bin/bash and /usr/bin/bash in
> unconfined mode (= without AppArmor restrictions) - and therefore should
> also avoid the long chain you see.
>
> However, your log looks like your profile does not allow executing
> /usr/bin/bash.
>
> Now I wonder - does your sshd profile lack this line/rule?
> (If in doubt, please attach the complete profile.)

Okay, this is interesting. In the current state, the server has no file
in /etc/apparmor.d/usr.sbin.sshd at all. The apparmor package doesn't
ship such a file.

When I purged `apparmor` package, I still had a bunch of files in
/etc/apparmor.d and I'm not sure where those were coming from. Here's
the commit where I purged them manually before reinstalling apparmor:

commit 6ee1bc96eca9b7b94c1d17bdc41108be0fca3dcb
Author: Antoine Beaupré <ana...@debian.org>
Date: Tue Jan 31 13:44:46 2023 -0500

saving uncommitted changes in /etc prior to apt run

.etckeeper | 1 -
apparmor.d/abstractions/libvirt-lxc | 121 ----------
apparmor.d/abstractions/libvirt-qemu | 259 ---------------------
apparmor.d/abstractions/tor | 33 ---
apparmor.d/bin.netstat | 41 ----
apparmor.d/disable/torbrowser.start-tor-browser | 1 -
apparmor.d/disable/usr.bin.tcpdump | 1 -
apparmor.d/etc.cron.daily.logrotate | 57 -----
apparmor.d/etc.cron.daily.slocate.cron | 26 ---
apparmor.d/etc.cron.daily.tmpwatch | 23 --
apparmor.d/libvirt/TEMPLATE.lxc | 15 --
apparmor.d/libvirt/TEMPLATE.qemu | 9 -
.../libvirt-123003cb-fe9c-4afa-beef-ca3a32510061 | 11 -
.../libvirt-55a7efd5-53cd-469a-bf33-b088e716a435 | 11 -
...virt-55a7efd5-53cd-469a-bf33-b088e716a435.files | 17 --
.../libvirt-8bfd965a-9bb2-4a9c-bf2e-4dae08c027cd | 11 -
.../libvirt-a419db66-07ad-4a7a-a8a5-898c003e841a | 11 -
.../libvirt-a7d08ac4-7a5e-4bb0-89c4-3eed13c476bc | 11 -
.../libvirt-efd1e136-2f85-4356-a7c1-60f6cb502306 | 11 -
apparmor.d/local/abstractions/libvirt-lxc | 0
apparmor.d/local/abstractions/libvirt-qemu | 0
apparmor.d/local/gst_plugin_scanner | 2 -
apparmor.d/local/sbin.dhclient | 0
apparmor.d/local/system_tor | 2 -
apparmor.d/local/torbrowser.start-tor-browser | 2 -
apparmor.d/local/usr.bin.chromium-browser | 2 -
apparmor.d/local/usr.bin.freshclam | 2 -
apparmor.d/local/usr.bin.man | 0
apparmor.d/local/usr.bin.tcpdump | 0
apparmor.d/local/usr.lib.dovecot.anvil | 2 -
apparmor.d/local/usr.lib.dovecot.auth | 2 -
apparmor.d/local/usr.lib.dovecot.config | 2 -
apparmor.d/local/usr.lib.dovecot.deliver | 2 -
apparmor.d/local/usr.lib.dovecot.dict | 2 -
apparmor.d/local/usr.lib.dovecot.dovecot-auth | 2 -
apparmor.d/local/usr.lib.dovecot.dovecot-lda | 2 -
apparmor.d/local/usr.lib.dovecot.imap | 2 -
apparmor.d/local/usr.lib.dovecot.imap-login | 2 -
apparmor.d/local/usr.lib.dovecot.lmtp | 2 -
apparmor.d/local/usr.lib.dovecot.log | 2 -
apparmor.d/local/usr.lib.dovecot.managesieve | 2 -
apparmor.d/local/usr.lib.dovecot.managesieve-login | 2 -
apparmor.d/local/usr.lib.dovecot.pop3 | 2 -
apparmor.d/local/usr.lib.dovecot.pop3-login | 2 -
apparmor.d/local/usr.lib.dovecot.ssl-params | 2 -
apparmor.d/local/usr.lib.libvirt.virt-aa-helper | 0
apparmor.d/local/usr.sbin.chronyd | 0
apparmor.d/local/usr.sbin.dovecot | 2 -
apparmor.d/local/usr.sbin.libvirtd | 0
apparmor.d/local/usr.sbin.mysqld | 2 -
apparmor.d/local/usr.sbin.tcpdump | 2 -
apparmor.d/local/usr.sbin.unbound | 0
apparmor.d/sbin.dhclient | 111 ---------
apparmor.d/sbin.dhcpcd | 45 ----
apparmor.d/sbin.portmap | 25 --
apparmor.d/sbin.resmgrd | 32 ---
apparmor.d/sbin.rpc.lockd | 16 --
apparmor.d/sbin.rpc.statd | 29 ---
apparmor.d/system_tor | 25 --
apparmor.d/usr.NX.bin.nxclient | 37 ---
apparmor.d/usr.bin.acroread | 60 -----
apparmor.d/usr.bin.apropos | 26 ---
apparmor.d/usr.bin.evolution-2.10 | 156 -------------
apparmor.d/usr.bin.fam | 22 --
apparmor.d/usr.bin.freshclam | 47 ----
apparmor.d/usr.bin.gaim | 67 ------
apparmor.d/usr.bin.man | 113 ---------
apparmor.d/usr.bin.mlmmj-bounce | 22 --
apparmor.d/usr.bin.mlmmj-maintd | 36 ---
apparmor.d/usr.bin.mlmmj-make-ml.sh | 44 ----
apparmor.d/usr.bin.mlmmj-process | 29 ---
apparmor.d/usr.bin.mlmmj-recieve | 20 --
apparmor.d/usr.bin.mlmmj-send | 25 --
apparmor.d/usr.bin.mlmmj-sub | 28 ---
apparmor.d/usr.bin.mlmmj-unsub | 27 ---
apparmor.d/usr.bin.opera | 75 ------
apparmor.d/usr.bin.passwd | 35 ---
apparmor.d/usr.bin.procmail | 41 ----
apparmor.d/usr.bin.skype | 80 -------
apparmor.d/usr.bin.spamc | 20 --
apparmor.d/usr.bin.svnserve | 33 ---
apparmor.d/usr.bin.tcpdump | 69 ------
apparmor.d/usr.bin.wireshark | 44 ----
apparmor.d/usr.bin.xfs | 24 --
apparmor.d/usr.lib.GConf.2.gconfd-2 | 34 ---
apparmor.d/usr.lib.RealPlayer10.realplay | 50 ----
apparmor.d/usr.lib.bonobo.bonobo-activation-server | 25 --
...volution-data-server.evolution-data-server-1.10 | 40 ----
apparmor.d/usr.lib.firefox.firefox | 128 ----------
apparmor.d/usr.lib.firefox.firefox.sh | 19 --
apparmor.d/usr.lib.firefox.mozilla-xremote-client | 21 --
apparmor.d/usr.lib.libvirt.virt-aa-helper | 76 ------
apparmor.d/usr.lib.postfix.anvil | 28 ---
apparmor.d/usr.lib.postfix.bounce | 36 ---
apparmor.d/usr.lib.postfix.cleanup | 33 ---
apparmor.d/usr.lib.postfix.discard | 18 --
apparmor.d/usr.lib.postfix.error | 20 --
apparmor.d/usr.lib.postfix.flush | 44 ----
apparmor.d/usr.lib.postfix.lmtp | 20 --
apparmor.d/usr.lib.postfix.local | 45 ----
apparmor.d/usr.lib.postfix.master | 47 ----
apparmor.d/usr.lib.postfix.nqmgr | 47 ----
apparmor.d/usr.lib.postfix.oqmgr | 20 --
apparmor.d/usr.lib.postfix.pickup | 25 --
apparmor.d/usr.lib.postfix.pipe | 17 --
apparmor.d/usr.lib.postfix.proxymap | 25 --
apparmor.d/usr.lib.postfix.qmgr | 46 ----
apparmor.d/usr.lib.postfix.qmqpd | 20 --
apparmor.d/usr.lib.postfix.scache | 23 --
apparmor.d/usr.lib.postfix.showq | 44 ----
apparmor.d/usr.lib.postfix.smtp | 48 ----
apparmor.d/usr.lib.postfix.smtpd | 63 -----
apparmor.d/usr.lib.postfix.spawn | 20 --
apparmor.d/usr.lib.postfix.tlsmgr | 25 --
apparmor.d/usr.lib.postfix.trivial-rewrite | 26 ---
apparmor.d/usr.lib.postfix.verify | 20 --
apparmor.d/usr.lib.postfix.virtual | 26 ---
apparmor.d/usr.lib64.GConf.2.gconfd-2 | 34 ---
apparmor.d/usr.sbin.chronyd | 85 -------
apparmor.d/usr.sbin.dhcpd | 37 ---
apparmor.d/usr.sbin.httpd2-prefork | 179 --------------
apparmor.d/usr.sbin.imapd | 24 --
apparmor.d/usr.sbin.in.fingerd | 23 --
apparmor.d/usr.sbin.in.ftpd | 38 ---
apparmor.d/usr.sbin.in.ntalkd | 20 --
apparmor.d/usr.sbin.ipop2d | 24 --
apparmor.d/usr.sbin.ipop3d | 24 --
apparmor.d/usr.sbin.libvirtd | 145 ------------
apparmor.d/usr.sbin.lighttpd | 64 -----
apparmor.d/usr.sbin.mariadbd | 15 --
apparmor.d/usr.sbin.oidentd | 30 ---
apparmor.d/usr.sbin.popper | 25 --
apparmor.d/usr.sbin.postalias | 35 ---
apparmor.d/usr.sbin.postdrop | 34 ---
apparmor.d/usr.sbin.postmap | 25 --
apparmor.d/usr.sbin.postqueue | 33 ---
apparmor.d/usr.sbin.sendmail | 93 --------
apparmor.d/usr.sbin.sendmail.postfix | 51 ----
apparmor.d/usr.sbin.sendmail.sendmail | 48 ----
apparmor.d/usr.sbin.spamd | 40 ----
apparmor.d/usr.sbin.squid | 63 -----
apparmor.d/usr.sbin.sshd | 180 --------------
apparmor.d/usr.sbin.unbound | 56 -----
apparmor.d/usr.sbin.useradd | 50 ----
apparmor.d/usr.sbin.userdel | 51 ----
apparmor.d/usr.sbin.vsftpd | 35 ---
apparmor.d/usr.sbin.xinetd | 71 ------
147 files changed, 4992 deletions(-)

I *think* those are some "extra" profiles I might have manually deployed
at some point.

Now that I dig in the apparmor-profiles, I found a
/usr/share/apparmor/extra-profiles/ directory and there *is* a
usr.sbin.sshd profile in there. So I'm not sure what happened here,
maybe I deployed those by hand but they never got updated?

I also am a little confused by apparmor-profiles shipping an
"extra-profiles" directory *and* having at the same time an
apparmor-profiles-extra that only ships a handful of profiles... It's
all very confusing...

Here's that old profile that was causing problems:

# ------------------------------------------------------------------
#
# Copyright (C) 2002-2005 Novell/SUSE
# Copyright (C) 2012 Canonical Ltd.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
# will need to revalidate this profile once we finish re-architecting
# the change_hat patch.
#
# vim:syntax=apparmor

#include <tunables/global>

/usr/sbin/sshd flags=(complain) {
#include <abstractions/authentication>
#include <abstractions/base>
#include <abstractions/consoles>
#include <abstractions/nameservice>
#include <abstractions/wutmp>
#include <abstractions/openssl>

capability sys_chroot,
capability sys_tty_config,
capability net_bind_service,
capability chown,
capability fowner,
capability kill,
capability setgid,
capability setuid,
capability audit_control,
capability audit_write,

/dev/ptmx rw,
/dev/urandom r,
/etc/default/locale r,
/etc/environment r,
/etc/hosts.allow r,
/etc/hosts.deny r,
/etc/modules.conf r,
/etc/ssh/* r,
/proc/*/oom_adj rw,
/proc/*/oom_score_adj rw,
/usr/sbin/sshd mrix,
/var/log/btmp rw,
/{,var/}run w,
/{,var/}run/sshd{,.init}.pid wl,

@{PROC}/[0-9]*/fd/ r,
@{PROC}/[0-9]*/loginuid w,

# should only be here for use in non-change-hat openssh
# duplicated from EXEC hat
/bin/ash rUx,
/bin/bash rUx,
/bin/bash2 rUx,
/bin/bsh rUx,
/bin/csh rUx,
/bin/dash rUx,
/bin/ksh rUx,
/bin/sh rUx,
/bin/tcsh rUx,
/bin/zsh rUx,
/bin/zsh4 rUx,
/sbin/nologin rUx,

# Call passwd for password change when expired
# /usr/bin/passwd Px,


# stuff duplicated from PRIVSEP_MONITOR
@{HOME}/.ssh/authorized_keys{,2} r,

/dev/pts/[0-9]* rw,
/etc/ssh/moduli r,
@{PROC}/[0-9]*/mounts r,

# duplicated from AUTHENTICATED
/etc/motd r,
/{,var/}run/motd r,
/tmp/ssh-*/agent.[0-9]* rwl,

/tmp/ssh-*[0-9]*/ w,

#
# default subprofile for when sshd has authenticated the user
#
^EXEC flags=(complain) {
#include <abstractions/base>

/bin/ash Ux,
/bin/bash Ux,
/bin/bash2 Ux,
/bin/bsh Ux,
/bin/csh Ux,
/bin/dash Ux,
/bin/ksh Ux,
/bin/sh Ux,
/bin/tcsh Ux,
/bin/zsh Ux,
/bin/zsh4 Ux,
/sbin/nologin Ux,

# for debugging
# /dev/pts/[0-9]* rw,
}

#
# subprofile for handling network input (privilege seperated child)
#
^PRIVSEP flags=(complain) {
#include <abstractions/base>
#include <abstractions/nameservice>

capability sys_chroot,
capability setuid,
capability setgid,

# for debugging
# /dev/pts/[0-9]* rw,
}

#
# subprofile that handles authentication requests from the privilege
# seperated child
#
^PRIVSEP_MONITOR flags=(complain) {
#include <abstractions/authentication>
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/wutmp>


capability setuid,
capability setgid,
capability chown,

@{HOME}/.ssh/authorized_keys{,2} r,
/dev/ptmx rw,
/dev/pts/[0-9]* rw,
/dev/urandom r,
/etc/hosts.allow r,
/etc/hosts.deny r,
/etc/ssh/moduli r,
@{PROC}/[0-9]*/mounts r,

# for debugging
# /dev/pts/[0-9]* rw,
}

#
# subprofile for post-authentication period until the user's shell is spawned
#
^AUTHENTICATED flags=(complain) {
#include <abstractions/authentication>
#include <abstractions/consoles>
#include <abstractions/nameservice>
#include <abstractions/wutmp>

capability sys_tty_config,
capability setgid,
capability setuid,

/dev/log w,
/dev/ptmx rw,
/etc/default/passwd r,
/etc/localtime r,
/etc/login.defs r,
/etc/motd r,
/{,var/}run/motd r,
/tmp/ssh-*/agent.[0-9]* rwl,
/tmp/ssh-*[0-9]*/ w,

# for debugging
# /dev/pts/[0-9]* rw,
}
}

--
Il n'existe aucune limite sacrée ou non à l'action de l'homme dans
l'univers. Depuis nos origines nous avons le choix: être aveuglé par
la vérité ou coudre nos paupières.
- [no one is innocent]

Christian Boltz

unread,
Feb 6, 2023, 8:40:04 AM2/6/23
to
Hello,

Am Mittwoch, 1. Februar 2023, 16:00:06 CET schrieb Antoine Beaupré:
> On 2023-01-31 23:57:04, Christian Boltz wrote:
> > I'm somewhat surprised about that because the upstream profile for
> > sshd has the following rule since Dec 3 2016 :
> > /{usr/,}bin/bash Uxr,
[...]
> > Now I wonder - does your sshd profile lack this line/rule?
> > (If in doubt, please attach the complete profile.)
[...]
> I *think* those are some "extra" profiles I might have manually
> deployed at some point.

Possibly. That must have been years ago ;-)

> Now that I dig in the apparmor-profiles, I found a
> /usr/share/apparmor/extra-profiles/ directory and there *is* a
> usr.sbin.sshd profile in there. So I'm not sure what happened here,
> maybe I deployed those by hand but they never got updated?

Sounds like a valid explanation. The extra profiles never get copied to
/etc/apparmor.d/ automatically *), which also means they don't get
updated automatically.

*) only exception: aa-genprof offers to use them as starting point when
creating a _new_ profile

> I also am a little confused by apparmor-profiles shipping an
> "extra-profiles" directory *and* having at the same time an
> apparmor-profiles-extra that only ships a handful of profiles... It's
> all very confusing...

That's something one of the Debian packagers needs to answer.
(I use another distribution, see my signature ;-)

> Here's that old profile that was causing problems:
[...]
> /usr/sbin/sshd flags=(complain) {
[...]
> /bin/bash rUx,

That explains it - it doesn't allow /usr/bin/bash to be executed.

I'd recommend to copy over the latest sshd profile from extra-profiles to
/etc/apparmor.d/.


Regards,

Christian Boltz
--
> Using the internet since 28.8kbit. Yes, I'm 'old'.
My first modem was 300 bits/sec, you young whipper snapper! ;-)
[> Yamaban and James Knott in opensuse-factory]
signature.asc

Antoine Beaupré

unread,
Feb 6, 2023, 10:00:03 AM2/6/23
to
On 2023-02-06 14:20:32, Christian Boltz wrote:
> Hello,
>
> Am Mittwoch, 1. Februar 2023, 16:00:06 CET schrieb Antoine Beaupré:
>> On 2023-01-31 23:57:04, Christian Boltz wrote:
>> > I'm somewhat surprised about that because the upstream profile for
>> > sshd has the following rule since Dec 3 2016 :
>> > /{usr/,}bin/bash Uxr,
> [...]
>> > Now I wonder - does your sshd profile lack this line/rule?
>> > (If in doubt, please attach the complete profile.)
> [...]
>> I *think* those are some "extra" profiles I might have manually
>> deployed at some point.
>
> Possibly. That must have been years ago ;-)

Why yes it was! I'm old too! ;)

>> Now that I dig in the apparmor-profiles, I found a
>> /usr/share/apparmor/extra-profiles/ directory and there *is* a
>> usr.sbin.sshd profile in there. So I'm not sure what happened here,
>> maybe I deployed those by hand but they never got updated?
>
> Sounds like a valid explanation. The extra profiles never get copied to
> /etc/apparmor.d/ automatically *), which also means they don't get
> updated automatically.
>
> *) only exception: aa-genprof offers to use them as starting point when
> creating a _new_ profile

Yeah. So that's the thing here: it seems to me this is really error
prone! It's quite likely that someone will, like me, copy those profiles
over and then forget about it, and then they never get updated...

I think they should be moved to the profile-extras package instead.

>> I also am a little confused by apparmor-profiles shipping an
>> "extra-profiles" directory *and* having at the same time an
>> apparmor-profiles-extra that only ships a handful of profiles... It's
>> all very confusing...
>
> That's something one of the Debian packagers needs to answer.
> (I use another distribution, see my signature ;-)

Gotcha.

>> Here's that old profile that was causing problems:
> [...]
>> /usr/sbin/sshd flags=(complain) {
> [...]
>> /bin/bash rUx,
>
> That explains it - it doesn't allow /usr/bin/bash to be executed.
>
> I'd recommend to copy over the latest sshd profile from extra-profiles to
> /etc/apparmor.d/.

Well right now I just disabled the profile altogether, since there's no
clean way to update it.

>> Using the internet since 28.8kbit. Yes, I'm 'old'.
> My first modem was 300 bits/sec, you young whipper snapper! ;-)
> [> Yamaban and James Knott in opensuse-factory]

It took a while for me to get hooked up on the internet, but if my
memory is correct it was over 900 baud (strange to read those in bits,
actually)... Am I young now? :p

a.

--
During times of universal deceit, telling the truth becomes a
revolutionary act. - Georges Orwell
0 new messages