[Bug 1226356] Re: explicit deny rules do not silence logging denials in dbus and mount rules

Mon Oct 7 07:38:51 UTC 2013

Hello @Tyler

Thank you for your comments.

>>In my opinion, a machine freeze is not likely to be caused by these

I am trying to coorelate the events which happen in syslog during time my machine freezes and i have to reboot.

See example log from syslog and note the timings

May be its not related to my issue with freeze , am trying to zero down
the possible issues.

Thanks again. Should i post on other bugs you mentioned ?

Oct  7 18:29:19 nanak-P570WM dbus[2902]: apparmor="DENIED" operation="dbus_method_call"  bus="session" name="org.freedesktop.DBus" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="Hello" mask="send" pid=5449 profile="/usr/bin/evince-thumbnailer" peer_profile="unconfined"
Oct  7 18:29:22 nanak-P570WM dbus[2902]: apparmor="DENIED" operation="dbus_method_call"  bus="session" name="org.freedesktop.DBus" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="Hello" mask="send" pid=5458 profile="/usr/bin/evince-thumbnailer" peer_profile="unconfined"
Oct  7 18:32:03 nanak-P570WM kernel: imklog 5.8.11, log source = /proc/kmsg started.
Oct  7 18:32:03 nanak-P570WM rsyslogd: [origin software="rsyslogd" swVersion="5.8.11" x-pid="873" x-info="http://www.rsyslog.com"] start
Oct  7 18:32:03 nanak-P570WM rsyslogd: rsyslogd's groupid changed to 103
Oct  7 18:32:03 nanak-P570WM rsyslogd: rsyslogd's userid changed to 101

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to dbus in Ubuntu.
https://bugs.launchpad.net/bugs/1226356

Title:
  explicit deny rules do not silence logging denials in dbus and mount
  rules

Status in “apparmor” package in Ubuntu:
  In Progress
Status in “dbus” package in Ubuntu:
  In Progress
Status in “apparmor” source package in Saucy:
  In Progress
Status in “dbus” source package in Saucy:
  In Progress

Bug description:
  I have this rule in my profile:
    # We want to explicitly deny access to NetworkManager
    deny dbus (send)
         bus=system
         path=/org/freedesktop/NetworkManager,

  but with this rule, I still see these denials:
  Sep 17 01:03:02 ubuntu-phablet dbus[622]: apparmor="DENIED" operation="dbus_method_call"  bus="system" name="org.freedesktop.NetworkManager" path="/org/freedesktop/NetworkManager" interface="org.freedesktop.DBus.Introspectable" member="Introspect" mask="send" pid=3201 profile="net.launchpad.ubuntu-security.ubuntu-sdk-1310-api-demos_ubuntu-sdk-1310-api-demos_0.1" peer_pid=1154 peer_profile="unconfined"
  Sep 17 01:03:02 ubuntu-phablet dbus[622]: apparmor="DENIED" operation="dbus_method_call"  bus="system" name="org.freedesktop.NetworkManager" path="/org/freedesktop/NetworkManager" interface="org.freedesktop.NetworkManager" member="GetDevices" mask="send" pid=3201 profile="net.launchpad.ubuntu-security.ubuntu-sdk-1310-api-demos_ubuntu-sdk-1310-api-demos_0.1" peer_pid=1154 peer_profile="unconfined"

  Another one is this deny rule:
     deny dbus send bus=session
               interface="org.gnome.GConf.Server",

  with these denials:
  Sep 16 17:37:58 localhost dbus[16510]: apparmor="DENIED" operation="dbus_method_call"  bus="session" name="org.gnome.GConf" path="/org/gnome/GConf/Server" interface="org.gnome.GConf.Server" member="GetDefaultDatabase" mask="send" pid=15037 profile="net.launchpad.ubuntu-security.ubuntu-sdk-1310-api-demos_ubuntu-sdk-1310-api-demos_0.1" peer_pid=16736 peer_profile="unconfined"

  While this isn't a 'high' priority because the accesses are still
  being denied, it is a bug and the lack of silencing may cause
  confusion for users.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1226356/+subscriptions