Comment 5 for bug 1713103

Revision history for this message
Tyler Hicks (tyhicks) wrote :

The apparmorfs kernel query interface file has more restrictive file permissions in the upstream kernel versus what we've had in the Ubuntu sauce patches.

In Artful (Ubuntu 4.11.0-13.19-generic 4.11.12):
$ ls -al /sys/kernel/security/apparmor/.access
-rw-rw-rw- 1 root root 0 Aug 15 17:38 /sys/kernel/security/apparmor/.access

In linux-next (4.13.0-rc6-next-20170824):
$ ls -al /sys/kernel/security/apparmor/.access
-rw-r----- 1 root root 0 Aug 24 21:26 /sys/kernel/security/apparmor/.access

This means that the D-Bus session bus cannot perform AppArmor policy queries because it can't open the .access file.