16.04 , apparmor denies dbus communications

Bug #1699681 reported by sles
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
ejabberd (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

Here is log:

[76401.788233] audit: type=1107 audit(1498111942.039:17): pid=507 uid=106 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="Hello" mask="send" name="org.freedesktop.DBus" pid=4955 label="/usr/sbin/ejabberdctl//su" peer_label="unconfined"
                exe="/usr/bin/dbus-daemon" sauid=106 hostname=? addr=? terminal=?

Revision history for this message
Joseph Salisbury (jsalisbury) wrote : Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1699681

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Revision history for this message
sles (slesru) wrote :

Looks like we need more fine grained version, but this works:

    dbus(send)
         bus=system,

in profile su {

btw, looks like there is bug in apparmor, because operation is denied even if
flags=(complain) is set.

Changed in linux (Ubuntu):
status: Incomplete → Confirmed
Revision history for this message
Tyler Hicks (tyhicks) wrote :

I've reassigned this bug to ejabberd since that package is what ships the profile in question:

$ dpkg -S /etc/apparmor.d/usr.sbin.ejabberdctl
ejabberd: /etc/apparmor.d/usr.sbin.ejabberdctl

I've also verified that `sudo ejabberdctl start` is broken due to AppArmor denials.

affects: linux (Ubuntu) → ejabberd (Ubuntu)
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.