Ubuntu
geoclue-2.0 package

geoclue service prevented from working by apparmor profile

Bug #2030951 reported by Julian Andres Klode
20
This bug affects 3 people
Affects Status Importance Assigned to Milestone
geoclue-2.0 (Ubuntu)
Fix Released
High
Sebastien Bacher

Bug Description

The geoclue service doesn't start anymore in mantic, failing with

(geoclue:8550): Geoclue-CRITICAL **: 10:56:36.151: Failed to acquire name 'org.freedesktop.GeoClue2' on system bus or lost it.

ProblemType: Bug
DistroRelease: Ubuntu 23.10
Package: geoclue-2.0 2.7.0-3
ProcVersionSignature: Ubuntu 6.3.0-7.7-generic 6.3.5
Uname: Linux 6.3.0-7-generic x86_64
ApportVersion: 2.27.0-0ubuntu2
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: GNOME
Date: Thu Aug 10 10:57:41 2023
InstallationDate: Installed on 2022-11-26 (256 days ago)
InstallationMedia: Ubuntu 23.04 "Lunar Lobster" - Alpha amd64 (20221126)
SourcePackage: geoclue-2.0
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
Julian Andres Klode (juliank) wrote :
Revision history for this message
Julian Andres Klode (juliank) wrote :
Download full text (6.4 KiB)

Ignore the dconf ones, I manually tried to start it, but that seems to be an apparmor profile issue:

Aug 10 10:55:54 jak-t14-g3 kernel: audit: type=1400 audit(1691657754.860:110): apparmor="DENIED" operation="connect" class="file" info="Failed name lookup - disconnected path" error=-13 profile="/usr/libexec/geoclue" name="run/dbus/system_bus_socket" pid=6521 comm="pool-geoclue" requested_mask="wr" denied_mask="wr" fsuid=123 ouid=0
Aug 10 10:55:54 jak-t14-g3 kernel: audit: type=1400 audit(1691657754.860:111): apparmor="DENIED" operation="sendmsg" class="file" info="Failed name lookup - disconnected path" error=-13 profile="/usr/libexec/geoclue" name="run/systemd/journal/socket" pid=6521 comm="geoclue" requested_mask="w" denied_mask="w" fsuid=123 ouid=0
Aug 10 10:56:36 jak-t14-g3 kernel: audit: type=1400 audit(1691657796.149:114): apparmor="DENIED" operation="connect" class="file" info="Failed name lookup - disconnected path" error=-13 profile="/usr/libexec/geoclue" name="run/dbus/system_bus_socket" pid=8550 comm="pool-geoclue" requested_mask="wr" denied_mask="wr" fsuid=123 ouid=0
Aug 10 10:56:36 jak-t14-g3 kernel: audit: type=1400 audit(1691657796.149:115): apparmor="DENIED" operation="sendmsg" class="file" info="Failed name lookup - disconnected path" error=-13 profile="/usr/libexec/geoclue" name="run/systemd/journal/socket" pid=8550 comm="geoclue" requested_mask="w" denied_mask="w" fsuid=123 ouid=0
Aug 10 10:59:20 jak-t14-g3 kernel: audit: type=1400 audit(1691657960.520:116): apparmor="DENIED" operation="connect" class="file" info="Failed name lookup - disconnected path" error=-13 profile="/usr/libexec/geoclue" name="run/dbus/system_bus_socket" pid=13529 comm="pool-geoclue" requested_mask="wr" denied_mask="wr" fsuid=123 ouid=0
Aug 10 10:59:20 jak-t14-g3 kernel: audit: type=1400 audit(1691657960.520:117): apparmor="DENIED" operation="sendmsg" class="file" info="Failed name lookup - disconnected path" error=-13 profile="/usr/libexec/geoclue" name="run/systemd/journal/socket" pid=13529 comm="geoclue" requested_mask="w" denied_mask="w" fsuid=123 ouid=0
Aug 10 11:00:22 jak-t14-g3 kernel: audit: type=1107 audit(1691658022.425:118): pid=1996 uid=102 auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/NetworkManager" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.13" pid=14683 label="/usr/libexec/geoclue" peer_pid=2096 peer_label="unconfined"
Aug 10 11:00:22 jak-t14-g3 kernel: audit: type=1400 audit(1691658022.429:119): apparmor="DENIED" operation="open" class="file" profile="/usr/libexec/geoclue" name="/run/user/1000/dconf/user" pid=14683 comm="geoclue" requested_mask="wrc" denied_mask="wrc" fsuid=1000 ouid=1000
Aug 10 11:00:22 jak-t14-g3 kernel: audit: type=1400 audit(1691658022.429:120): apparmor="DENIED" operation="open" class="file" profile="/usr/libexec/geoclue" name="/home/jak/.config/dconf/user" pid=14683 comm="geoclue" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Aug 10 11:00:22 jak-t14-g3 kernel: audit: type=1400 audit(1691658022.429:121): apparmor="DENIED" operation="open" class="file" profile="/usr/libexec/geo...

Read more...

Julian Andres Klode (juliank)
tags: added: rls-mm-incoming
Revision history for this message
Jeremy Bícha (jbicha) wrote :

https://launchpad.net/ubuntu/+source/geoclue-2.0/2.7.0-3ubuntu1 landed in mantic today. Does it fix your issue?

Revision history for this message
Julian Andres Klode (juliank) wrote :

No of course not, the AppArmor profile has not yet been fixed such that the geoclue service can actually start.

Jeremy Bícha (jbicha)
Changed in geoclue-2.0 (Ubuntu):
importance: Undecided → High
status: New → Confirmed
Revision history for this message
Georgia Garcia (georgiag) wrote :

Hi! I updated the AppArmor policy from geoclue-2.0 and uploaded to a PPA https://launchpad.net/~georgiag/+archive/ubuntu/lp2030951/+packages

From what I checked, it is starting successfully now, but let me know if it's not.

$ sudo systemctl status geoclue.service
● geoclue.service - Location Lookup Service
     Loaded: loaded (/lib/systemd/system/geoclue.service; static)
     Active: active (running) since Fri 2023-08-25 16:20:34 -03; 1s ago
   Main PID: 14146 (geoclue)
      Tasks: 5 (limit: 1056)
     Memory: 1.9M
        CPU: 56ms
     CGroup: /system.slice/geoclue.service
             └─14146 /usr/libexec/geoclue

Aug 25 16:20:34 sec-mantic-amd64 systemd[1]: Starting geoclue.service - Location Lookup Service...
Aug 25 16:20:34 sec-mantic-amd64 systemd[1]: Started geoclue.service - Location Lookup Service.

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Hello Georgia,

I noticed that you subscribed ubuntu-sponsors to this bug, but haven't provided a debdiff or an MP with the proposed change to be reviewed. I know I could obtain it from the PPA, but I'd prefer if you could put something more "official" together.

Thanks!

Revision history for this message
Sebastien Bacher (seb128) wrote :

Thanks for the fix Georgia, I've uploaded it to mantic now and also sent it back to the Debian maintainer

Changed in geoclue-2.0 (Ubuntu):
status: Confirmed → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package geoclue-2.0 - 2.7.0-3ubuntu2

---------------
geoclue-2.0 (2.7.0-3ubuntu2) mantic; urgency=medium

  * debian/local/usr.libexec.geoclue:
    - Update apparmor policy to allow several DBus operations.
      (LP: #2030951)

 -- Georgia Garcia <email address hidden> Fri, 25 Aug 2023 15:20:04 -0300

Changed in geoclue-2.0 (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Sebastien Bacher (seb128) wrote : Re: geoclue.service fails to start

Reopening, it owns the dbus name fine now but is still not working

summary: - geoclue.service fails to start: (geoclue:8550): Geoclue-CRITICAL **:
- 10:56:36.151: Failed to acquire name 'org.freedesktop.GeoClue2' on
- system bus or lost it.
+ geoclue.service fails to start
Changed in geoclue-2.0 (Ubuntu):
status: Fix Released → Triaged
Revision history for this message
Julian Andres Klode (juliank) wrote :

Starts here afaict, gps blocked by apparmor though.

What do you see, seb?

● geoclue.service - Location Lookup Service
     Loaded: loaded (/lib/systemd/system/geoclue.service; static)
     Active: active (running) since Wed 2023-09-20 18:53:28 CEST; 35s ago
   Main PID: 1594438 (geoclue)
      Tasks: 4 (limit: 37482)
     Memory: 2.4M
        CPU: 153ms
     CGroup: /system.slice/geoclue.service
             └─1594438 /usr/libexec/geoclue

Sep 20 18:53:28 jak-t14-g3 systemd[1]: Starting geoclue.service - Location Lookup Service...
Sep 20 18:53:28 jak-t14-g3 systemd[1]: Started geoclue.service - Location Lookup Service.
Sep 20 18:53:28 jak-t14-g3 geoclue[1594438]: Failed to set GPS refresh rate: GDBus.Error:org.freedesktop.DBus.Error.AccessDenied: An AppArmor policy prevents this sender from sending this message to this recipient; type="method_call", sender=":1.2613" (uid=123 pid=1594438 comm="/usr/libexec/geoclue" label="/usr/libexec/geoclue (enforce)") interface="org.freedesktop.ModemManager1.Modem.Location" member="SetGpsRefreshRate" error name="(unset)" requested_reply="0" destination=":1.17" (uid=0 pid=2021 comm="/usr/sbin/ModemManager" label="unconfined")

Revision history for this message
Jeremy Bícha (jbicha) wrote :

Julian, I think you're saying the same as Seb. The service can start but the new apparmor profile in Ubuntu 23.10 is preventing geoclue from providing location info to apps and services that use geoclue.

Revision history for this message
Julian Andres Klode (juliank) wrote :

Oh that's possible but for me it's denying geoclue from accessing my LTE modem for GPS data, I don't have a test to check if it can provide other data.

Sebastien Bacher (seb128)
summary: - geoclue.service fails to start
+ geoclue service prevented from working by apparmor profile
Changed in geoclue-2.0 (Ubuntu):
assignee: nobody → Sebastien Bacher (seb128)
Revision history for this message
Sebastien Bacher (seb128) wrote :

The attached patch is enough to get the service working but doesn't accomodate for the GPS usecase, I expect there is more than the one denial Julian listed.

I would suggest updating the profile as we can but not putting it in enforce mode for mantic.

Revision history for this message
Julian Andres Klode (juliank) wrote :

FWIW, I disabled the AppArmor profile and clients still don't connect or rather geoclue times out, don't know what's going on but probably separate bug. Even deleted my modem devices and masked modemmanger, thinking it may be talking to that and hanging there

Tim Holmes-Mitra (timhm)
tags: removed: rls-mm-incoming
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package geoclue-2.0 - 2.7.0-3ubuntu3

---------------
geoclue-2.0 (2.7.0-3ubuntu3) mantic; urgency=medium

  * debian/geoclue-2.0.install, debian/local/usr.libexec.geoclue,
    debian/geoclue-2.0.maintscript:
    - remove the apparmor profile which was added by Debian this cycle,
      the dbus mediation is preventing it from working properly, the issue
      isn't visible in Debian since the dbus service there doesn't include
      the same features than in Ubuntu. It's a bit late in the cycle
      to ensure there will no regression so we prefer to not include it now
      (LP: #2030951)

 -- Sebastien Bacher <email address hidden> Tue, 26 Sep 2023 18:03:27 +0200

Changed in geoclue-2.0 (Ubuntu):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.