In 16.10, freshclam tries to access /run/dbus/system_socket

Bug #1634375 reported by Franck on 2016-10-18
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)
Undecided
Unassigned

Bug Description

In 16.10, usr.bin.freshclam profile does not allow access to /run/dbus/system_bus_socket, which freshclam tries to access.

apparmor="DENIED" operation="connect" profile="/usr/bin/freshclam" name="/run/dbus/system_bus_socket" pid=3423 comm="freshclam" requested_mask="wr" denied_mask="wr" fsuid=132 ouid=0

ProblemType: Bug
DistroRelease: Ubuntu 16.10
Package: apparmor 2.10.95-4ubuntu5
ProcVersionSignature: Ubuntu 4.8.0-22.24-generic 4.8.0
Uname: Linux 4.8.0-22-generic x86_64
NonfreeKernelModules: zfs zunicode zcommon znvpair zavl
ApportVersion: 2.20.3-0ubuntu8
Architecture: amd64
CurrentDesktop: Unity
Date: Tue Oct 18 08:52:16 2016
InstallationDate: Installed on 2015-10-04 (379 days ago)
InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Alpha amd64 (20151002)
ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-4.8.0-22-generic.efi.signed root=/dev/mapper/ubuntu--vg-root ro noprompt persistent kaslr threadirqs quiet splash vt.handoff=7
SourcePackage: apparmor
Syslog:

UpgradeStatus: Upgraded to yakkety on 2016-10-14 (3 days ago)

Franck (alci) wrote :
Steve Beattie (sbeattie) wrote :

This issue is a duplicate of bug 1598759, the rejection is due to the dns resolver attempting to do lookups over dbus to systemd-resolved. If you can, please test the fix in yakkety-proposed in the apparmor package. Thanks for reporting the issue.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers