Log flooded with run/dbus/system_bus_socket wr denied

Bug #1569316 reported by Franck on 2016-04-12
28
This bug affects 5 people
Affects Status Importance Assigned to Milestone
AppArmor
Medium
Tyler Hicks
apparmor (Ubuntu)
High
Tyler Hicks

Bug Description

Since latest upgrade, my logs are flooded with this message :

audit: type=1400 audit(1460463960.943:31702): apparmor="ALLOWED" operation="connect" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/dnsmasq" name="run/dbus/system_bus_socket" pid=3448 comm="dnsmasq" requested_mask="wr" denied_mask="wr" fsuid=65534 ouid=0

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: apparmor-profiles 2.10.95-0ubuntu1
ProcVersionSignature: Ubuntu 4.4.0-18.34-generic 4.4.6
Uname: Linux 4.4.0-18-generic x86_64
NonfreeKernelModules: zfs zunicode zcommon znvpair zavl
ApportVersion: 2.20.1-0ubuntu1
Architecture: amd64
CurrentDesktop: Unity
Date: Tue Apr 12 14:26:42 2016
InstallationDate: Installed on 2015-10-04 (190 days ago)
InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Alpha amd64 (20151002)
PackageArchitecture: all
ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-4.4.0-18-generic.efi.signed root=/dev/mapper/ubuntu--vg-root ro noprompt persistent kaslr threadirqs quiet splash vt.handoff=7
SourcePackage: apparmor
Syslog:
 Apr 12 09:42:22 franck-ThinkPad-T430s dbus[2219]: [system] AppArmor D-Bus mediation is enabled
 Apr 12 12:24:39 franck-ThinkPad-T430s dbus[2318]: [system] AppArmor D-Bus mediation is enabled
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.apparmor.d.sbin.klogd: [modified]
modified.conffile..etc.apparmor.d.sbin.syslogd: [modified]
modified.conffile..etc.apparmor.d.usr.bin.chromium.browser: [modified]
modified.conffile..etc.apparmor.d.usr.sbin.dovecot: [modified]
modified.conffile..etc.apparmor.d.usr.sbin.identd: [modified]
modified.conffile..etc.apparmor.d.usr.sbin.mdnsd: [modified]
modified.conffile..etc.apparmor.d.usr.sbin.nmbd: [modified]
modified.conffile..etc.apparmor.d.usr.sbin.smbd: [modified]
mtime.conffile..etc.apparmor.d.sbin.klogd: 2015-10-05T12:04:03.854535
mtime.conffile..etc.apparmor.d.sbin.syslogd: 2015-10-05T12:03:15.705968
mtime.conffile..etc.apparmor.d.usr.bin.chromium.browser: 2015-10-05T12:02:05.273141
mtime.conffile..etc.apparmor.d.usr.sbin.dovecot: 2015-10-05T12:00:55.356323
mtime.conffile..etc.apparmor.d.usr.sbin.identd: 2015-10-05T12:01:02.204403
mtime.conffile..etc.apparmor.d.usr.sbin.mdnsd: 2015-10-05T12:02:37.861523
mtime.conffile..etc.apparmor.d.usr.sbin.nmbd: 2015-10-05T12:00:10.119794
mtime.conffile..etc.apparmor.d.usr.sbin.smbd: 2015-10-05T12:00:26.103981

Franck (alci) wrote :
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in apparmor (Ubuntu):
status: New → Confirmed
Julian Taylor (jtaylor) wrote :

attached apt history of the update which triggered the issue, it was a rather large one.

Tyler Hicks (tyhicks) wrote :

The network-manager upgrade from 1.0.4-0ubuntu10 to 1.1.93-0ubuntu2 is what triggered this new denial.

To fix this for 16.04, we'll have to simply add the attach_disconnected flag to the dnsmasq profile.

Changed in apparmor (Ubuntu):
assignee: nobody → Tyler Hicks (tyhicks)
importance: Undecided → High
status: Confirmed → In Progress
Tyler Hicks (tyhicks) wrote :

Committed as r3437 in lp:apparmor

Changed in apparmor:
assignee: nobody → Tyler Hicks (tyhicks)
importance: Undecided → Medium
status: New → Fix Committed
milestone: none → 2.11
Past (artem-pastukhov) on 2016-04-13
Changed in apparmor (Ubuntu):
status: In Progress → Fix Released
Christian Boltz (cboltz) on 2017-01-10
Changed in apparmor:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers