I forgot to mention what brought me to this bug. I am seeing this denial when running tcpdump in Ubuntu Yakkety:
apparmor="DENIED" operation="connect" profile="/usr/sbin/tcpdump" name="/run/dbus/system_bus_socket" pid=25098 comm="tcpdump" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
After pulling the dbus-strict abstraction into the tcpdump profile, I then see this denial:
pid=2204 uid=105 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/resolve1" interface="org.freedesktop.resolve1.Manager" member="ResolveAddress" mask="send" name="org.freedesktop.resolve1" pid=25438 label="/usr/sbin/tcpdump" peer_pid=2471 peer_label="unconfined"
My proposed fix grants access to the ResolveAddress, ResolveHostname, ResolveRecord, and ResolveService methods of the D-Bus API.
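Added example, not part of the original comment or of the proposed fix: a Python sketch that turns AppArmor denial records like the two quoted above into candidate profile rules for review. The function names and the third sample record (a ResolveHostname denial) are constructed for this illustration; the output is a starting point for a reviewed profile change, not the rule text of the actual patch.

```python
import re
from collections import defaultdict

KV = re.compile(r'(\w+)="([^"]*)"')  # quoted key="value" fields only

# Records 1 and 2 are the denials quoted in the comment above.
# Record 3 is constructed for this example (same call, different member).
SAMPLE = [
    'apparmor="DENIED" operation="connect" profile="/usr/sbin/tcpdump" '
    'name="/run/dbus/system_bus_socket" pid=25098 comm="tcpdump" '
    'requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0',
    'msg=\'apparmor="DENIED" operation="dbus_method_call" bus="system" '
    'path="/org/freedesktop/resolve1" interface="org.freedesktop.resolve1.Manager" '
    'member="ResolveAddress" mask="send" name="org.freedesktop.resolve1" '
    'pid=25438 label="/usr/sbin/tcpdump" peer_pid=2471 peer_label="unconfined"',
    'msg=\'apparmor="DENIED" operation="dbus_method_call" bus="system" '
    'path="/org/freedesktop/resolve1" interface="org.freedesktop.resolve1.Manager" '
    'member="ResolveHostname" mask="send" name="org.freedesktop.resolve1" '
    'pid=25440 label="/usr/sbin/tcpdump" peer_pid=2471 peer_label="unconfined"',
]

def candidate_rules(lines):
    """Return candidate AppArmor rules for the DENIED records in lines."""
    file_rules, dbus = set(), defaultdict(set)
    for line in lines:
        f = dict(KV.findall(line))
        if f.get("apparmor") != "DENIED":
            continue
        if f.get("operation", "").startswith("dbus_"):
            # Group D-Bus denials that differ only in the member called.
            key = (f["mask"], f["bus"], f["path"], f["interface"], f["name"])
            dbus[key].add(f["member"])
        elif "denied_mask" in f:
            # File/socket denial: normalise the mask letters ("wr" -> "rw").
            perms = "".join(sorted(set(f["denied_mask"])))
            file_rules.add(f'{f["name"]} {perms},')
    rules = sorted(file_rules)
    for (mask, bus, path, iface, name), members in sorted(dbus.items()):
        m = sorted(members)
        member = m[0] if len(m) == 1 else "{" + ",".join(m) + "}"
        rules.append(f'dbus {mask} bus={bus} path="{path}" interface="{iface}" '
                     f'member="{member}" peer=(name="{name}"),')
    return rules

if __name__ == "__main__":
    print("\n".join(candidate_rules(SAMPLE)))
```

Each generated rule grants only the bus, path, interface, member and peer name seen in a denial, so the resulting profile change stays scoped to the methods actually called.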