[apparmor] Attempting FullSystemPolicy with Ubuntu 18.04.2 LTS...
Simon McVittie
smcv at collabora.com
Thu May 30 19:04:34 UTC 2019
On Thu, 30 May 2019 at 11:47:35 -0700, Ian wrote:
> I did notice this in /var/log/syslog:
>
> May 30 10:46:51 1546-w-dev dbus-daemon[9496]: [system] Activating systemd
> to hand-off: service name='org.freedesktop.hostname1' unit=
> 'dbus-org.freedesktop.hostname1.service' requested by ':1.21' (uid=0 pid=
> 10058 comm="/usr/sbin/NetworkManager --no-daemon " label=
> "usr.sbin.NetworkManager (complain)"
This does not, in itself, indicate a bug. Whenever dbus-daemon logs an
"interesting" action like service activation, it logs all the information
it knows about the requesting process, which on AppArmor systems includes
the AppArmor label.
(complain) means the usr.sbin.NetworkManager profile is loaded in
"complain" mode, meaning that if NM does anything that would violate its
AppArmor policy, it will be logged as ALLOWED and allowed to happen,
instead of being denied. If this is not what you wanted, please look
more closely at your AppArmor policies.
smcv
More information about the AppArmor
mailing list