Ubuntu
apparmor package

In 16.10, several apps want write access to /run/systemd/journal/socket

Bug #1634418 reported by Franck
18
This bug affects 3 people
Affects Status Importance Assigned to Milestone
AppArmor
Invalid
Undecided
Unassigned
apparmor (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

Several app try to write into /run/systemd/journal/socket
Maybe this should be an abstraction ?

Firefox:

audit: type=1400 audit(1476701934.614:4137): apparmor="DENIED" operation="sendmsg" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/run/systemd/journal/socket" pid=25552 comm="firefox" requested_mask="w" denied_mask="w" fsuid=1000 ouid=0

evince:
audit: type=1400 audit(1476705359.562:4182): apparmor="DENIED" operation="sendmsg" profile="/usr/bin/evince" name="/run/systemd/journal/socket" pid=27271 comm="evince" requested_mask="w" denied_mask="w" fsuid=1000 ouid=0

ProblemType: Bug
DistroRelease: Ubuntu 16.10
Package: apparmor 2.10.95-4ubuntu5.1
ProcVersionSignature: Ubuntu 4.8.0-25.27-generic 4.8.1
Uname: Linux 4.8.0-25-generic x86_64
NonfreeKernelModules: zfs zunicode zcommon znvpair zavl
ApportVersion: 2.20.3-0ubuntu8
Architecture: amd64
CurrentDesktop: Unity
Date: Tue Oct 18 11:00:02 2016
InstallationDate: Installed on 2015-10-04 (379 days ago)
InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Alpha amd64 (20151002)
ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-4.8.0-25-generic.efi.signed root=/dev/mapper/ubuntu--vg-root ro noprompt persistent kaslr threadirqs quiet splash vt.handoff=7
SourcePackage: apparmor
Syslog:
 Oct 18 09:01:30 franck-ThinkPad-T430s dbus[5726]: apparmor="DENIED" operation="dbus_signal" bus="session" path="/org/gnome/GConf/Server" interface="org.gnome.GConf.Server" member="Bye" name=":1.128" mask="receive" pid=8287 label="/usr/lib/firefox/firefox{,*[^s][^h]}" peer_pid=7443 peer_label="unconfined"
 Oct 18 09:02:58 franck-ThinkPad-T430s dbus[3449]: [system] AppArmor D-Bus mediation is enabled
 Oct 18 10:50:57 franck-ThinkPad-T430s dbus[3455]: [system] AppArmor D-Bus mediation is enabled
UpgradeStatus: Upgraded to yakkety on 2016-10-14 (3 days ago)

Revision history for this message
Franck (alci) wrote :
Revision history for this message
Steve Beattie (sbeattie) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. This particular bug has already been reported and is a duplicate of bug 1598759, so it is being marked as such. Please look at the other bug report to see if there is any missing information that you can provide, or to see if there is a workaround for the bug. Additionally, any further discussion regarding the bug should occur in the other report. Please continue to report any other bugs you may find.

Changed in apparmor (Ubuntu):
status: New → Confirmed
Revision history for this message
Seth Arnold (seth-arnold) wrote :

dino99, please note, this bug is for writing to the journald socket, which is unrelated to the dbus system socket that is referenced in the other bug.

Thanks

Christian Boltz (cboltz)
tags: added: aa-policy
Václav Haisman (vzeman79)
tags: added: zesty
Revision history for this message
dino99 (9d9) wrote :

Zesty is now off and yakkety too.

Changed in apparmor (Ubuntu):
status: Confirmed → Invalid
Changed in apparmor:
status: New → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.