[Bug 1807057] [NEW] Systemd passes a relative path to the unit-file for mariadb.service, which breaks apparmor.
Matt Rush
1807057 at bugs.launchpad.net
Thu Dec 6 00:47:36 UTC 2018
Public bug reported:

Ubuntu's systemd implementation is passing a relative path for the
systemd-notify socket 'run/systemd/notify' into the environment of the
mariadb.service unit-file. This breaks apparmor, since apparmor profile
rules require an absolute path '/run/systemd/notify rw,'.

Please fix this so I can enforce an apparmor profile with mariadb.

Nota Bene: the mysql-server package doesn't have this problem. As far as
I can tell, this is because that package doesn't interact with the
systemd-notify socket, but I could be wrong.

I spoke with some patrons of #systemd on irc.freenode.net who claim this
is a bug in Ubuntu's systemd implementation, stating that it shouldn't
pass a relative path to the /run/systemd/notify socket.

Thanks for your maintenance. Systemd sucks but apparmor is cool. Since
your distro integrates both of these technologies, please fix this bug.

Thank you,
Matt Rush
OSCP, OSCE

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: systemd 237-3ubuntu10.4
ProcVersionSignature: Ubuntu 4.15.0-1025.25-aws 4.15.18
Uname: Linux 4.15.0-1025-aws x86_64
ApportVersion: 2.20.9-0ubuntu7.4
Architecture: amd64
Date: Wed Dec 5 17:35:09 2018
Ec2AMI: ami-0ac019f4fcb7cb7e6
Ec2AMIManifest: (unknown)
Ec2AvailabilityZone: us-east-1b
Ec2InstanceType: t2.medium
Ec2Kernel: unavailable
Ec2Ramdisk: unavailable
Lsusb: Error: command ['lsusb'] failed with exit code 1:
MachineType: Xen HVM domU
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.15.0-1025-aws root=UUID=bbf64c6d-bc15-4ae0-aa4c-608fd9820d95 ro console=tty1 console=ttyS0 nvme.io_timeout=4294967295
SourcePackage: systemd
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 08/24/2006
dmi.bios.vendor: Xen
dmi.bios.version: 4.2.amazon
dmi.chassis.type: 1
dmi.chassis.vendor: Xen
dmi.modalias: dmi:bvnXen:bvr4.2.amazon:bd08/24/2006:svnXen:pnHVMdomU:pvr4.2.amazon:cvnXen:ct1:cvr:
dmi.product.name: HVM domU
dmi.product.version: 4.2.amazon
dmi.sys.vendor: Xen

** Affects: systemd (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: amd64 apport-bug bionic ec2-images
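
One way to check the value the report describes, as an added example that is not part of the original bug report or of systemd: read NOTIFY_SOCKET from a service's environment and classify it against the absolute-path form an AppArmor file rule such as '/run/systemd/notify rw,' expects. The function names are hypothetical; reading another user's /proc/<pid>/environ needs root, and that file shows the environment as it was at exec time.

```shell
#!/bin/sh
# Added example: inspect the NOTIFY_SOCKET value handed to a service.

# Classify a NOTIFY_SOCKET value.
#   absolute : starts with '/', the form a path rule like
#              '/run/systemd/notify rw,' can match
#   abstract : starts with '@' (abstract-namespace AF_UNIX socket)
#   relative : anything else, e.g. 'run/systemd/notify' from the report
#   unset    : empty or missing
classify_notify_socket() {
    case "$1" in
        '')  echo unset ;;
        /*)  echo absolute ;;
        @*)  echo abstract ;;
        *)   echo relative ;;
    esac
}

# Print NOTIFY_SOCKET from a NUL-separated environment file such as
# /proc/<pid>/environ. Prints nothing if the variable is absent.
notify_socket_from_environ() {
    tr '\0' '\n' < "$1" 2>/dev/null | sed -n 's/^NOTIFY_SOCKET=//p' | head -n 1
}

# Report the value for a unit's main process.
# Returns 0 for absolute/abstract, 1 for relative/unset, 2 on lookup failure.
check_unit() {
    pid=$(systemctl show -p MainPID --value "$1") || return 2
    case "$pid" in
        ''|0|*[!0-9]*)
            echo "$1: no main PID (unit not running?)" >&2
            return 2 ;;
    esac
    value=$(notify_socket_from_environ "/proc/$pid/environ")
    kind=$(classify_notify_socket "$value")
    printf '%s pid=%s NOTIFY_SOCKET=%s (%s)\n' "$1" "$pid" "$value" "$kind"
    case "$kind" in
        absolute|abstract) return 0 ;;
        *)                 return 1 ;;
    esac
}

# Usage (as root): check_unit mariadb.service
```
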
https://bugs.launchpad.net/bugs/1807057