[Bug 1362469] [NEW] AppArmor unrequested reply protection generates unallowable denials
Launchpad Bug Tracker
1362469 at bugs.launchpad.net
Thu Feb 19 23:27:04 UTC 2015
You have been subscribed to a public bug by Tyler Hicks (tyhicks):

Starting with utopic's dbus 1.8.6-1ubuntu1 package, the new AppArmor
unrequested reply protections can generate some denials that can't
easily be allowed in policy. For example, when running a confined
pasaffe, you see these denials when starting and closing pasaffe:

  apparmor="DENIED" operation="dbus_error" bus="session"
  error_name="org.freedesktop.DBus.Error.UnknownMethod" mask="send"
  name=":1.22" pid=4993 profile="/usr/bin/pasaffe" peer_pid=3624
  peer_profile="unconfined"

It isn't obvious how to construct an AppArmor D-Bus rule to allow that
operation. A bare "dbus," rule allows it but that's not acceptable for
profiles implementing tight D-Bus confinement.

The code that implements unrequested reply protections should be
reviewed for issues and, if everything looks good there, investigations
into how to allow the operation that triggers the above denial should
occur.

** Affects: dbus (Ubuntu)
     Importance: Medium
     Assignee: Tyler Hicks (tyhicks)
     Status: Triaged

** Tags: application-confinement

--
AppArmor unrequested reply protection generates unallowable denials
https://bugs.launchpad.net/bugs/1362469
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.
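
An added example (not part of the original bug report, and not dbus or AppArmor code): a small triage script that parses AppArmor D-Bus denial records like the one quoted in the report and picks out denied error replies (operation="dbus_error", mask="send"), counting them per profile and error name. The second sample record and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample input. Record 1 is the denial quoted in the bug report,
# joined onto one line; record 2 is a made-up method-call denial for contrast.
SAMPLE_LOG = (
    'apparmor="DENIED" operation="dbus_error" bus="session" '
    'error_name="org.freedesktop.DBus.Error.UnknownMethod" mask="send" '
    'name=":1.22" pid=4993 profile="/usr/bin/pasaffe" peer_pid=3624 '
    'peer_profile="unconfined"\n'
    'apparmor="DENIED" operation="dbus_method_call" bus="session" '
    'path="/org/example/Obj" interface="org.example.Iface" member="Ping" '
    'mask="send" name="org.example.Service" pid=4993 '
    'profile="/usr/bin/pasaffe" peer_pid=3700 peer_profile="unconfined"\n'
)

# key="quoted value" or key=bare_value
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_record(line):
    """Turn one key=value denial record into a dict with quotes stripped."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD_RE.finditer(line)}


def is_error_reply_denial(rec):
    """True for a denied D-Bus error send, the kind shown in the report."""
    return (rec.get("apparmor") == "DENIED"
            and rec.get("operation") == "dbus_error"
            and rec.get("mask") == "send")


def targets_unique_name(rec):
    """Unique connection names start with ':' and are assigned per connection."""
    return rec.get("name", "").startswith(":")


def triage(log_text):
    """Return (matching records, Counter keyed by (profile, error_name))."""
    hits = [r for r in map(parse_record, log_text.splitlines())
            if is_error_reply_denial(r)]
    counts = Counter((r.get("profile", "?"), r.get("error_name", "?"))
                     for r in hits)
    return hits, counts


if __name__ == "__main__":
    hits, counts = triage(SAMPLE_LOG)
    for (profile, err), n in counts.items():
        print(f"{n}x {profile}: denied error reply {err}")
    for r in hits:
        print("destination", r["name"], "unique name:", targets_unique_name(r))
```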