This isn't fixed in AppArmor upstream. As an upstream, we decided against taking in this policy update until the patches to perform D-Bus mediation have landed in the upstream kernel. Without those patches, we'd be granting full access to the D-Bus system bus socket from the very commonly used namespace abstraction.
This isn't fixed in AppArmor upstream. As an upstream, we decided against taking in this policy update until the patches to perform D-Bus mediation have landed in the upstream kernel. Without those patches, we'd be granting full access to the D-Bus system bus socket from the very commonly used namespace abstraction.