[Bug 1362469] Re: AppArmor unrequested reply protection generates unallowable denials
Tyler Hicks
tyhicks at canonical.com
Thu Feb 19 23:26:05 UTC 2015
The AppArmor D-Bus mediation patches have been merged in upstream D-Bus.
The final patch set that was merged includes a fix for this bug, among
others that do not have Launchpad bugs but were discovered during the
upstream patch review process.
This is a debdiff to refresh the patches in our Vivid dbus package with
the versions that landed upstream.
I've tested it in an amd64 Vivid VM, using the test-dbus.py script from
lp:qa-regression-testing as well as the D-Bus regression tests in
lp:apparmor. I manually verified that the
org.freedesktop.DBus.GetConnectionCredentials method was working
correctly, as well as the legacy
org.freedesktop.DBus.GetAppArmorSecurityContext method. I also ran the
test case in comment #5 of this bug in addition to confining pasaffe and
verifying that this bug was fixed. Finally, I did manual exploratory
testing in the VM.
I also tested it on a Mako device using a vivid-proposed image (build
105). The testing was manual but I verified that I could use the
browser, use a webapp, install and use a new app, adjust system
settings, etc.
A PPA build of this package exists in ppa:ubuntu-security-proposed/ppa
** Patch added: "dbus_1.8.12-1ubuntu2.debdiff"
https://bugs.launchpad.net/ubuntu/+source/dbus/+bug/1362469/+attachment/4322934/+files/dbus_1.8.12-1ubuntu2.debdiff
** Changed in: dbus (Ubuntu)
Assignee: Tyler Hicks (tyhicks) => (unassigned)
** Changed in: dbus (Ubuntu)
Status: Triaged => Confirmed
https://bugs.launchpad.net/bugs/1362469
Title:
AppArmor unrequested reply protection generates unallowable denials
Status in dbus package in Ubuntu:
Confirmed
Bug description:
Starting with utopic's dbus 1.8.6-1ubuntu1 package, the new AppArmor
unrequested reply protections can generate some denials that can't
easily be allowed in policy. For example, when running a confined
pasaffe, you see these denials when starting and closing pasaffe:
apparmor="DENIED" operation="dbus_error" bus="session"
error_name="org.freedesktop.DBus.Error.UnknownMethod" mask="send"
name=":1.22" pid=4993 profile="/usr/bin/pasaffe" peer_pid=3624
peer_profile="unconfined"
It isn't obvious how to construct an AppArmor D-Bus rule to allow that
operation. A bare "dbus," rule allows it but that's not acceptable for
profiles implementing tight D-Bus confinement.
The code that implements unrequested reply protections should be
reviewed for issues and, if everything looks good there,
investigations into how to allow the operation that triggers the above
denial should occur.
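As an added illustration, not code from the bug report or from the dbus package, the Python below parses audit records of the shape quoted above and separates the denials a scoped dbus rule could address from dbus_error denials, which carry no path/interface/member to match on; the second sample record and the candidate-rule syntax are my own constructions following apparmor.d(5).

```python
import re

# Sample AppArmor audit records. The first is the dbus_error denial quoted
# in the bug report; the second is a constructed dbus_method_call denial
# added for contrast (object path, interface and member are made up).
SAMPLE_DENIALS = [
    'apparmor="DENIED" operation="dbus_error" bus="session" '
    'error_name="org.freedesktop.DBus.Error.UnknownMethod" mask="send" '
    'name=":1.22" pid=4993 profile="/usr/bin/pasaffe" peer_pid=3624 '
    'peer_profile="unconfined"',
    'apparmor="DENIED" operation="dbus_method_call" bus="session" '
    'path="/org/example/Object" interface="org.example.Iface" '
    'member="Ping" mask="send" name="org.example.Service" pid=4993 '
    'profile="/usr/bin/pasaffe" peer_pid=3624 peer_profile="unconfined"',
]

# key="quoted value" or key=bareword, as the audit lines above are written.
_FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_denial(line):
    """Turn one audit line into a dict of its key=value fields."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in _FIELD.finditer(line)}


def suggest_rule(rec):
    """Return a candidate dbus rule for a denial, or None when it cannot
    be scoped.  dbus_error denials come from the unrequested-reply
    protection: there is no path/interface/member to match, and the only
    rule that would silence them is a bare "dbus," grant, which this
    helper deliberately refuses to propose."""
    if rec.get("operation") == "dbus_error":
        return None
    parts = ["dbus", rec["mask"], "bus=" + rec["bus"]]
    for key in ("path", "interface", "member"):
        if key in rec:
            parts.append("%s=%s" % (key, rec[key]))
    if "peer_profile" in rec:
        parts.append("peer=(label=%s)" % rec["peer_profile"])
    return " ".join(parts) + ","


def triage(lines):
    """Split DENIED records into (rule suggestions, records needing code review)."""
    rules, unscoped = [], []
    for line in lines:
        rec = parse_denial(line)
        if rec.get("apparmor") != "DENIED":
            continue
        rule = suggest_rule(rec)
        (rules if rule else unscoped).append(rule or rec)
    return rules, unscoped
```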