Ubuntu
apparmor package

Log flooded with run/dbus/system_bus_socket wr denied

Bug #1569316 reported by Franck
28
This bug affects 5 people
Affects Status Importance Assigned to Milestone
AppArmor
Fix Released
Medium
Tyler Hicks
AppArmor 2.11
apparmor (Ubuntu)
Fix Released
High
Tyler Hicks

Bug Description

Since latest upgrade, my logs are flooded with this message :

audit: type=1400 audit(1460463960.943:31702): apparmor="ALLOWED" operation="connect" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/dnsmasq" name="run/dbus/system_bus_socket" pid=3448 comm="dnsmasq" requested_mask="wr" denied_mask="wr" fsuid=65534 ouid=0

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: apparmor-profiles 2.10.95-0ubuntu1
ProcVersionSignature: Ubuntu 4.4.0-18.34-generic 4.4.6
Uname: Linux 4.4.0-18-generic x86_64
NonfreeKernelModules: zfs zunicode zcommon znvpair zavl
ApportVersion: 2.20.1-0ubuntu1
Architecture: amd64
CurrentDesktop: Unity
Date: Tue Apr 12 14:26:42 2016
InstallationDate: Installed on 2015-10-04 (190 days ago)
InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Alpha amd64 (20151002)
PackageArchitecture: all
ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-4.4.0-18-generic.efi.signed root=/dev/mapper/ubuntu--vg-root ro noprompt persistent kaslr threadirqs quiet splash vt.handoff=7
SourcePackage: apparmor
Syslog:
 Apr 12 09:42:22 franck-ThinkPad-T430s dbus[2219]: [system] AppArmor D-Bus mediation is enabled
 Apr 12 12:24:39 franck-ThinkPad-T430s dbus[2318]: [system] AppArmor D-Bus mediation is enabled
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.apparmor.d.sbin.klogd: [modified]
modified.conffile..etc.apparmor.d.sbin.syslogd: [modified]
modified.conffile..etc.apparmor.d.usr.bin.chromium.browser: [modified]
modified.conffile..etc.apparmor.d.usr.sbin.dovecot: [modified]
modified.conffile..etc.apparmor.d.usr.sbin.identd: [modified]
modified.conffile..etc.apparmor.d.usr.sbin.mdnsd: [modified]
modified.conffile..etc.apparmor.d.usr.sbin.nmbd: [modified]
modified.conffile..etc.apparmor.d.usr.sbin.smbd: [modified]
mtime.conffile..etc.apparmor.d.sbin.klogd: 2015-10-05T12:04:03.854535
mtime.conffile..etc.apparmor.d.sbin.syslogd: 2015-10-05T12:03:15.705968
mtime.conffile..etc.apparmor.d.usr.bin.chromium.browser: 2015-10-05T12:02:05.273141
mtime.conffile..etc.apparmor.d.usr.sbin.dovecot: 2015-10-05T12:00:55.356323
mtime.conffile..etc.apparmor.d.usr.sbin.identd: 2015-10-05T12:01:02.204403
mtime.conffile..etc.apparmor.d.usr.sbin.mdnsd: 2015-10-05T12:02:37.861523
mtime.conffile..etc.apparmor.d.usr.sbin.nmbd: 2015-10-05T12:00:10.119794
mtime.conffile..etc.apparmor.d.usr.sbin.smbd: 2015-10-05T12:00:26.103981

Revision history for this message
Franck (alci) wrote :
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in apparmor (Ubuntu):
status: New → Confirmed
Revision history for this message
Julian Taylor (jtaylor) wrote :

attached apt history of the update which triggered the issue, it was a rather large one.

Revision history for this message
Tyler Hicks (tyhicks) wrote :

The network-manager upgrade from 1.0.4-0ubuntu10 to 1.1.93-0ubuntu2 is what triggered this new denial.

To fix this for 16.04, we'll have to simply add the attach_disconnected flag to the dnsmasq profile.

Changed in apparmor (Ubuntu):
assignee: nobody → Tyler Hicks (tyhicks)
importance: Undecided → High
status: Confirmed → In Progress
Revision history for this message
Tyler Hicks (tyhicks) wrote :

Committed as r3437 in lp:apparmor

Changed in apparmor:
assignee: nobody → Tyler Hicks (tyhicks)
importance: Undecided → Medium
status: New → Fix Committed
milestone: none → 2.11
Past (artem-pastukhov)
Changed in apparmor (Ubuntu):
status: In Progress → Fix Released
Christian Boltz (cboltz)
Changed in apparmor:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.