Package: geoclue-2.0 Version: 2.7.0-2 Severity: normal File: /etc/apparmor.d/usr.libexec.geoclue Usertags: apparmor
The geoclue apparmor confinement seems to cause unexpected denials when checking if IPv6 is disabled. Either the check mechanism should be allowed or it should be explicitly denied. Jul 25 09:17:39 systemd[1]: Starting geoclue.service - Location Lookup Service... Jul 25 09:17:39 systemd[1]: Started geoclue.service - Location Lookup Service. Jul 25 09:17:41 kernel: audit: type=1400 audit(1690247861.799:82): apparmor="DENIED" operation="open" class="file" profile="/usr/libexec/geoclue" name="/proc/sys/net/ipv6/conf/all/disable_ipv6" pid=1560 comm="pool-geoclue" requested_mask="r" denied_mask="r" fsuid=140 ouid=0 Jul 25 09:17:41 kernel: audit: type=1400 audit(1690247861.799:83): apparmor="DENIED" operation="open" class="file" profile="/usr/libexec/geoclue" name="/proc/sys/net/ipv6/conf/all/disable_ipv6" pid=1560 comm="pool-geoclue" requested_mask="r" denied_mask="r" fsuid=140 ouid=0 Jul 25 09:17:42 kernel: audit: type=1400 audit(1690247862.303:84): apparmor="DENIED" operation="open" class="file" profile="/usr/libexec/geoclue" name="/proc/sys/net/ipv6/conf/all/disable_ipv6" pid=1560 comm="pool-geoclue" requested_mask="r" denied_mask="r" fsuid=140 ouid=0 Jul 25 09:17:42 kernel: audit: type=1400 audit(1690247862.303:85): apparmor="DENIED" operation="open" class="file" profile="/usr/libexec/geoclue" name="/proc/sys/net/ipv6/conf/all/disable_ipv6" pid=1560 comm="pool-geoclue" requested_mask="r" denied_mask="r" fsuid=140 ouid=0 Jul 25 09:17:42 kernel: audit: type=1400 audit(1690247862.403:86): apparmor="DENIED" operation="open" class="file" profile="/usr/libexec/geoclue" name="/proc/sys/net/ipv6/conf/all/disable_ipv6" pid=1560 comm="pool-geoclue" requested_mask="r" denied_mask="r" fsuid=140 ouid=0 Jul 25 09:17:42 kernel: audit: type=1400 audit(1690247862.403:87): apparmor="DENIED" operation="open" class="file" profile="/usr/libexec/geoclue" name="/proc/sys/net/ipv6/conf/all/disable_ipv6" pid=1560 comm="pool-geoclue" requested_mask="r" denied_mask="r" fsuid=140 ouid=0 Jul 25 09:17:42 kernel: audit: type=1400 audit(1690247862.415:88): apparmor="DENIED" operation="open" class="file" profile="/usr/libexec/geoclue" name="/proc/sys/net/ipv6/conf/all/disable_ipv6" pid=1560 comm="pool-geoclue" requested_mask="r" denied_mask="r" fsuid=140 ouid=0 Jul 25 09:17:42 kernel: audit: type=1400 audit(1690247862.415:89): apparmor="DENIED" operation="open" class="file" profile="/usr/libexec/geoclue" name="/proc/sys/net/ipv6/conf/all/disable_ipv6" pid=1560 comm="pool-geoclue" requested_mask="r" denied_mask="r" fsuid=140 ouid=0 Jul 25 09:17:42 kernel: audit: type=1400 audit(1690247862.427:90): apparmor="DENIED" operation="open" class="file" profile="/usr/libexec/geoclue" name="/proc/sys/net/ipv6/conf/all/disable_ipv6" pid=1560 comm="pool-geoclue" requested_mask="r" denied_mask="r" fsuid=140 ouid=0 Jul 25 09:17:42 kernel: audit: type=1400 audit(1690247862.427:91): apparmor="DENIED" operation="open" class="file" profile="/usr/libexec/geoclue" name="/proc/sys/net/ipv6/conf/all/disable_ipv6" pid=1560 comm="pool-geoclue" requested_mask="r" denied_mask="r" fsuid=140 ouid=0 Jul 25 09:18:40 geoclue[1560]: Service not used for 60 seconds. Shutting down.. Jul 25 09:18:40 systemd[1]: geoclue.service: Deactivated successfully. -- System Information: Debian Release: trixie/sid APT prefers testing-debug APT policy: (900, 'testing-debug'), (900, 'testing'), (800, 'unstable-debug'), (800, 'unstable'), (790, 'buildd-unstable'), (700, 'experimental-debug'), (700, 'experimental'), (690, 'buildd-experimental') merged-usr: no Architecture: amd64 (x86_64) Kernel: Linux 6.4.0-1-amd64 (SMP w/8 CPU threads; PREEMPT) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8), LANGUAGE=en_AU:en Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages geoclue-2.0 depends on: ii adduser 3.137 ii libavahi-client3 0.8-10 ii libavahi-common3 0.8-10 ii libavahi-glib1 0.8-10 ii libc6 2.37-6 ii libglib2.0-0 2.76.4-3 ii libjson-glib-1.0-0 1.6.6-1 ii libmm-glib0 1.20.6-2 ii libnotify4 0.8.2-1 ii libsoup-3.0-0 3.2.2-2 Versions of packages geoclue-2.0 recommends: ii avahi-daemon 0.8-10 ii iio-sensor-proxy 3.4-2 ii modemmanager 1.20.6-2 ii wpasupplicant 2:2.10-12 geoclue-2.0 suggests no packages. -- no debconf information -- bye, pabs https://wiki.debian.org/PaulWise
signature.asc
Description: This is a digitally signed message part
