Ubuntu
apparmor package

Bug #1948752
Comment #5

Comment 5 for bug 1948752

Revision history for this message

D-nl-k (d-nl-k) wrote on 2022-06-09 (last edit on 2022-06-09):

Unfortunately that didn't made any change. My /etc/apparmor.d/usr.bin.redshift now looks like follows.

/usr/bin/redshift {

  dbus send bus="system"
        path="/org/freedesktop/DBus"
        interface="org.freedesktop.DBus"
        member="{GetNameOwner,StartServiceByName,AddMatch}",

  dbus send bus="system"
        path="/org/freedesktop/GeoClue2/Manager"
        interface="org.freedesktop.DBus.Properties"
        member="GetAll",

  dbus send bus="system"
        path="/org/freedesktop/GeoClue2/Manager"
        interface="org.freedesktop.GeoClue2.Manager"
        member="GetClient",

# Allow but log any other dbus activity
audit dbus bus=system,

owner @{HOME}/.config/redshift.conf r,
owner /run/user/*/redshift-shared-* rw,
}

(The last three lines where already in that file)
still tons of messages like this one:

[Do Jun 9 23:15:47 2022] audit: type=1420 audit(1654809348.128:59832): subj_apparmor=unconfined
[Do Jun 9 23:15:47 2022] audit: type=1107 audit(1654809348.128:59833): pid=977 uid=103 auid=4294967295 ses=4294967295 subj=? msg='apparmor="ALLOWED" operation="dbus_method_call" bus="system" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="StartServiceByName" mask="send" name="org.freedesktop.DBus" pid=158627 label="/usr/bin/redshift" peer_label="unconfined"
exe="/usr/bin/dbus-daemon" sauid=103 hostname=? addr=? terminal=?'
[Do Jun 9 23:15:47 2022] audit: type=1420 audit(1654809348.128:59834): subj_apparmor=unconfined

Ubuntuapparmor package

Comment 5 for bug 1948752

Ubuntu
apparmor package