[apparmor] Custom DBUS daemon and apparmor
Sébastien Sénéchal
altagir at gmail.com
Tue Nov 19 16:03:24 UTC 2013
Hello all,
I am writing an app using remote DBUS for communication.
Since dbus 1.6.12, apparmor is used for authentication, so I am trying to find
the correct way to set up…
This involves:
- a dbus listening on tcp:host=127.0.0.1,bind=*,port=14500
  dbus-daemon --config-file=/etc/dbus-1/custom.conf
- the service itself, which connects to the bus and registers the service
- clients who can then send calls to the service
When I used <apparmor mode="disabled"/> in /etc/dbus-1/custom.conf,
everything works fine.
I re-enabled apparmor in the dbus-daemon config file and I created an apparmor
profile for my daemon
/usr/lib/kde4/libexec/mydaemeon {
  dbus,
  network,
  capability,
  ….
}
Same for /usr/bin/clients.
The issue is that the connection is always closed….
telnet 127.0.0.1 14500 works only when disabled, else the connection is closed.
The apparmor profile seems fine (works when using system dbus + apparmor), but
fails connecting using a QDBusConnection with a custom bus.
QDBusConnection lasterror:
Did not receive a reply. Possible causes include: the remote application
did not send a reply, the message bus security policy blocked the reply,
the reply timeout expired, or the network connection was broken.
I also attempted configuring a profile for /usr/daemon-bus, to no avail…
I see nothing in kernel.log related to apparmor… no denied. Yet it is
apparmor that prevents me from accessing that port.
Has anyone attempted to have a custom dbus accept incoming connections other
than by disabling apparmor? Or any idea?
I saw from the dev list that some work was needed on IPC. Is that a
limitation/bug?
Thanks in advance, I am getting stuck on this.
Regards
Below is my custom dbus: (127.0.0.1 example, can be a local static
interface)
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
  <fork/>
  <servicedir>/usr/share/dbus-1/system-services</servicedir>
  <syslog/>
  <listen>tcp:host=127.0.0.1,bind=*,port=14500</listen>
  <allow_anonymous/>
  <listen>unix:path=/var/run/dbus/system_x10dbus_socket</listen>
  <includedir>/etc/dbus-1/system.d/</includedir>
</busconfig>
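
Added example, not part of the original message: a small audit of a busconfig like the one above, reporting which TCP listeners bind beyond loopback, whether `<allow_anonymous/>` is set, and the AppArmor mode. The function names, severity labels and the trimmed sample config are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import unquote

# Constructed sample: the listen/auth elements from the config in the post.
SAMPLE = """<busconfig>
  <listen>tcp:host=127.0.0.1,bind=*,port=14500</listen>
  <allow_anonymous/>
  <listen>unix:path=/var/run/dbus/system_x10dbus_socket</listen>
</busconfig>"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def parse_address(addr):
    """Split one D-Bus address 'transport:k=v,k=v' into (transport, params)."""
    transport, _, rest = addr.strip().partition(":")
    params = {}
    for pair in filter(None, rest.split(",")):
        key, _, value = pair.partition("=")
        params[key] = unquote(value)  # values may be %-escaped
    return transport, params

def audit_busconfig(xml_text):
    """Return (severity, message) findings about a bus's network exposure."""
    root = ET.fromstring(xml_text)
    findings = []
    anonymous = root.find("allow_anonymous") is not None
    apparmor = root.find("apparmor")
    # dbus-daemon(1) documents "enabled" as the default AppArmor mode.
    mode = apparmor.get("mode", "enabled") if apparmor is not None else "enabled"
    for listen in root.iter("listen"):
        for addr in filter(None, (listen.text or "").split(";")):
            transport, p = parse_address(addr)
            if transport not in ("tcp", "nonce-tcp"):
                continue  # unix sockets are not network-reachable
            # 'bind' picks the listening interface; it defaults to 'host'.
            bound = p.get("bind", p.get("host", ""))
            where = f"{transport} listener on port {p.get('port')}"
            if bound not in LOOPBACK:
                findings.append(("high", f"{where} binds to '{bound}', not loopback"))
            if anonymous:
                findings.append(("high", f"{where} is reachable with <allow_anonymous/> set"))
    if mode == "disabled":
        findings.append(("medium", "AppArmor mediation is disabled for this bus"))
    return findings

if __name__ == "__main__":
    for severity, message in audit_busconfig(SAMPLE):
        print(f"[{severity}] {message}")
```

On the sample, the `bind=*` listener is reported even though `host` is 127.0.0.1, because `bind` is what selects the listening interface.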