This is most likely due to the apparmor_parser errors. They are caused by having a new apparmor_parser, new policy (which now includes dbus rules), and old kernel.
The parser should be checking to see if the kernel supports dbus rules. Looking at the mount rule support in the parser,
* in parser/parser_main.c:get_match_string():
- if apparmorfs/features/mount exists, the kernel_supports_mount global is set to 1
* in parser/parser_regex.c:post_process_mnt_ents():
- mount rule entries are only processed if kernel_supports_mount is not 0
- if kernel_supports_mount is 0, then a warning is emitted and the mount rule is ignored
The dbus rule support in the parser needs similar logic.
This is most likely due to the apparmor_parser errors. They are caused by having a new apparmor_parser, new policy (which now includes dbus rules), and old kernel.
The parser should be checking to see if the kernel supports dbus rules. Looking at the mount rule support in the parser,
* in parser/ parser_ main.c: get_match_ string( ): features/ mount exists, the kernel_ supports_ mount global is set to 1 parser_ regex.c: post_process_ mnt_ents( ): supports_ mount is not 0 supports_ mount is 0, then a warning is emitted and the mount rule is ignored
- if apparmorfs/
* in parser/
- mount rule entries are only processed if kernel_
- if kernel_
The dbus rule support in the parser needs similar logic.