Due to AppArmor profile restrictions, Telepathy can't connect when networkd is used instead of NetworkManager

Bug #1529074 reported by RussianNeuroMancer on 2015-12-24
This bug affects 2 people
Affects: apparmor (Ubuntu)
Importance: High
Assigned to: Jamie Strandboge

Bug Description

Due to AppArmor profile restrictions, Telepathy can't connect when networkd is used instead of NetworkManager. That was tested with KDE Telepathy on Kubuntu 16.04. Error message:

[ 2907.344638] audit: type=1400 audit(1450959038.587:32): apparmor="DENIED" operation="open" profile="/usr/lib/telepathy/telepathy-*" name="/run/systemd/resolve/resolv.conf" pid=3758 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=125
[ 2907.345097] audit: type=1400 audit(1450959038.587:33): apparmor="DENIED" operation="open" profile="/usr/lib/telepathy/telepathy-*" name="/run/systemd/resolve/resolv.conf" pid=3758 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=125
[ 2925.300267] audit: type=1400 audit(1450959056.544:34): apparmor="DENIED" operation="open" profile="/usr/lib/telepathy/telepathy-*" name="/run/systemd/resolve/resolv.conf" pid=3765 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=125
[ 2925.300656] audit: type=1400 audit(1450959056.544:35): apparmor="DENIED" operation="open" profile="/usr/lib/telepathy/telepathy-*" name="/run/systemd/resolve/resolv.conf" pid=3765 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=125
[ 2932.915149] audit: type=1400 audit(1450959064.156:36): apparmor="DENIED" operation="open" profile="/usr/lib/telepathy/telepathy-*" name="/run/systemd/resolve/resolv.conf" pid=3772 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=125
[ 2932.915975] audit: type=1400 audit(1450959064.156:37): apparmor="DENIED" operation="open" profile="/usr/lib/telepathy/telepathy-*" name="/run/systemd/resolve/resolv.conf" pid=3772 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=125
[ 2973.949765] audit: type=1400 audit(1450959105.184:38): apparmor="DENIED" operation="open" profile="/usr/lib/telepathy/telepathy-*" name="/run/systemd/resolve/resolv.conf" pid=3833 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=125
[ 2973.951471] audit: type=1400 audit(1450959105.188:39): apparmor="DENIED" operation="open" profile="/usr/lib/telepathy/telepathy-*" name="/run/systemd/resolve/resolv.conf" pid=3833 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=125

tags: added: apparmor wily xenial
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in telepathy-mission-control-5 (Ubuntu):
status: New → Confirmed

Workaround: add the line
/run/systemd/resolve/resolv.conf r,
to the section /usr/lib/telepathy/telepathy-* in the file /etc/apparmor.d/usr.lib.telepathy and then restart AppArmor.

Changed in telepathy-mission-control-5 (Ubuntu):
importance: Undecided → High
Jamie Strandboge (jdstrand) wrote :

Rather than adding this to the telepathy profile, it should be added to the apparmor nameservice abstraction.

affects: telepathy-mission-control-5 (Ubuntu) → apparmor (Ubuntu)
Changed in apparmor (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
status: Confirmed → In Progress
Changed in apparmor (Ubuntu):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.10-0ubuntu10

---------------
apparmor (2.10-0ubuntu10) xenial; urgency=medium

  * debian/patches/lp1529074.patch: for systems using networkd, add read on
    /run/systemd/resolve/resolv.conf (LP: #1529074)

 -- Jamie Strandboge <email address hidden> Tue, 05 Jan 2016 10:00:20 -0600

Changed in apparmor (Ubuntu):
status: Fix Committed → Fix Released

Thanks for the fix!
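
For triaging denials like the ones quoted in the bug description, the following added example (not part of this report and not AppArmor's own tooling) groups DENIED audit records by profile, path and mask and renders each distinct one as a rule line for review. The function names and the last three sample records are constructed; the hex-encoded `name=` record covers paths the kernel logs unquoted.

```python
import re
from collections import Counter

# First two records are from the report above; the last three are constructed.
SAMPLE_LOG = """\
[ 2907.344638] audit: type=1400 audit(1450959038.587:32): apparmor="DENIED" operation="open" profile="/usr/lib/telepathy/telepathy-*" name="/run/systemd/resolve/resolv.conf" pid=3758 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=125
[ 2907.345097] audit: type=1400 audit(1450959038.587:33): apparmor="DENIED" operation="open" profile="/usr/lib/telepathy/telepathy-*" name="/run/systemd/resolve/resolv.conf" pid=3758 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=125
[ 3000.000001] audit: type=1400 audit(1450959200.000:40): apparmor="DENIED" operation="open" profile="/usr/lib/telepathy/telepathy-*" name=2F686F6D652F752F612062 pid=3900 comm="pool" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
[ 3000.000002] audit: type=1400 audit(1450959200.000:41): apparmor="ALLOWED" operation="open" profile="example-complain" name="/etc/hosts" pid=3901 comm="cat" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 3000.000003] usb 1-1: new high-speed USB device number 2 using xhci_hcd
"""

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
HEX_FIELDS = {"name", "profile", "comm"}  # string fields audit may hex-encode

def parse_fields(line):
    """Return the key=value pairs of one audit record as a dict."""
    fields = {}
    for key, raw in FIELD.findall(line):
        if raw.startswith('"'):
            fields[key] = raw[1:-1]
        elif key in HEX_FIELDS and re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", raw):
            # Unquoted string field: values with spaces or quotes are logged
            # as hex (the encoding that aa-decode reverses).
            fields[key] = bytes.fromhex(raw).decode("utf-8", "replace")
        else:
            fields[key] = raw
    return fields

def summarize_denials(log_text):
    """Count AppArmor DENIED records per (profile, path, denied_mask)."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_fields(line)
        if f.get("apparmor") == "DENIED" and "name" in f:
            counts[(f.get("profile", ""), f["name"], f.get("denied_mask", ""))] += 1
    return counts

def candidate_rules(counts, profile):
    """Render the distinct denials of one profile as rule lines for review."""
    rules = set()
    for (prof, path, mask) in counts:
        if prof == profile:
            quoted = f'"{path}"' if " " in path else path
            rules.add(f"{quoted} {mask},")
    return sorted(rules)

if __name__ == "__main__":
    for rule in candidate_rules(summarize_denials(SAMPLE_LOG), "/usr/lib/telepathy/telepathy-*"):
        print(rule)
```

The output is a list of candidates only; whether a rule belongs in the profile or in a shared abstraction is the decision made in the thread above.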
