Comment 0 for bug 1869024

Simon Déziel (sdeziel) wrote :

systemd offers to create dynamic (and semi-stable) users for services. This causes many services using AppArmor profiles to trigger those denials (even when they don't use the DynamicUser feature):

audit: type=1107 audit(1585076282.591:30): pid=621 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/systemd1" interface="org.freedesktop.systemd1.Manager" member="GetDynamicUsers" mask="send" name="org.freedesktop.systemd1" pid=709 label="/usr/sbin/squid" peer_pid=1 peer_label="unconfined"

And more recently with systemd 245 this also gets shown:

audit: type=1400 audit(1585139000.628:39): apparmor="DENIED" operation="open" profile="/usr/sbin/squid" name="/run/systemd/userdb/" pid=769 comm="squid" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
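
Added example, not part of the original comment or of any project's code: a Python triage script that parses the two audit records quoted above and groups the denials caused by systemd user lookups by AppArmor profile. The function names are hypothetical; the match criteria (the `GetDynamicUsers` member and the `/run/systemd/userdb/` path) are taken from those two records.

```python
import re
from collections import defaultdict

# The two audit records quoted in the comment above, copied verbatim.
SAMPLE_LOG = r'''
audit: type=1107 audit(1585076282.591:30): pid=621 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/systemd1" interface="org.freedesktop.systemd1.Manager" member="GetDynamicUsers" mask="send" name="org.freedesktop.systemd1" pid=709 label="/usr/sbin/squid" peer_pid=1 peer_label="unconfined"
audit: type=1400 audit(1585139000.628:39): apparmor="DENIED" operation="open" profile="/usr/sbin/squid" name="/run/systemd/userdb/" pid=769 comm="squid" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
'''

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')  # quoted key="value" pairs
TYPE_RE = re.compile(r'\btype=(\d+)')

def parse_denial(line):
    """Return a dict for an AppArmor DENIED record, or None for any other line."""
    fields = dict(FIELD_RE.findall(line))
    if fields.get("apparmor") != "DENIED":
        return None
    m = TYPE_RE.search(line)
    op = fields.get("operation", "")
    # The D-Bus record (type 1107) names the confined process in label=,
    # the file record (type 1400) names it in profile=.
    profile = fields.get("profile") or fields.get("label")
    if op.startswith("dbus"):
        target = "%s.%s" % (fields.get("interface", "?"), fields.get("member", "?"))
        access = fields.get("mask")
    else:
        target = fields.get("name")
        access = fields.get("denied_mask")
    return {"type": int(m.group(1)) if m else None, "profile": profile,
            "operation": op, "target": target, "access": access}

def is_dynamic_user_lookup(denial):
    """True when the denial matches one of the two systemd lookups shown above."""
    target = denial["target"] or ""
    return (target == "org.freedesktop.systemd1.Manager.GetDynamicUsers"
            or target.startswith("/run/systemd/userdb/"))

def summarize(log_text):
    """Map profile -> list of (type, operation, target, access) for matching denials."""
    by_profile = defaultdict(list)
    for line in log_text.splitlines():
        d = parse_denial(line)
        if d and is_dynamic_user_lookup(d):
            by_profile[d["profile"]].append(
                (d["type"], d["operation"], d["target"], d["access"]))
    return dict(by_profile)

if __name__ == "__main__":
    for profile, denials in summarize(SAMPLE_LOG).items():
        print(profile, denials)
```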