[Touch-packages] [Bug 2051506] Re: apparmor blocks libnss-resolve socket
I'm using Ubuntu and affected on 22.04
apparmor package version 3.0.4-2ubuntu2.3
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2051506
Title:
apparmor blocks libnss-resolve socket
Status in apparmor package in Ubuntu:
Confirmed
Bug description:
Usage of `libnss-resolve` socket is blocked by apparmor.
Evidence:
- Install `libnss-resolve`
- Set /etc/nsswitch.conf to have `hosts: files resolve`
- Try resolving anything, it fails
`strace` of affected process reveals:
`connect(5, {sa_family=AF_UNIX,
sun_path="/run/systemd/resolve/io.systemd.Resolve"}, 42) = -1 EACCES
(Permission denied)`
Run `aa-disable` on affected profile and `strace` it again, it works:
`connect(5, {sa_family=AF_UNIX,
sun_path="/run/systemd/resolve/io.systemd.Resolve"}, 42) = 0`
Note that using `aa-complain` DOES NOT work.
p.s. has this ever worked?
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2051506/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2051506] Re: apparmor blocks libnss-resolve socket
Hi Gunnar,
could you share which AppArmor version you are running? and which kernel
version?
Thanks
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2051506
Title:
apparmor blocks libnss-resolve socket
Status in apparmor package in Ubuntu:
Confirmed
Bug description:
Usage of `libnss-resolve` socket is blocked by apparmor.
Evidence:
- Install `libnss-resolve`
- Set /etc/nsswitch.conf to have `hosts: files resolve`
- Try resolving anything, it fails
`strace` of affected process reveals:
`connect(5, {sa_family=AF_UNIX,
sun_path="/run/systemd/resolve/io.systemd.Resolve"}, 42) = -1 EACCES
(Permission denied)`
Run `aa-disable` on affected profile and `strace` it again, it works:
`connect(5, {sa_family=AF_UNIX,
sun_path="/run/systemd/resolve/io.systemd.Resolve"}, 42) = 0`
Note that using `aa-complain` DOES NOT work.
p.s. has this ever worked?
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2051506/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2051506] Re: apparmor blocks libnss-resolve socket
I forgot to add, the apparmor log contains this as the error f.ex when using
`ping`:
`apparmor="ALLOWED" operation="connect" info="Failed name lookup - disconnected
path" error=-13 profile="ping" name="run/systemd/resolve/io.systemd.Resolve"
pid=2450 comm="ping" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=102`
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2051506
Title:
apparmor blocks libnss-resolve socket
Status in apparmor package in Ubuntu:
Confirmed
Bug description:
Usage of `libnss-resolve` socket is blocked by apparmor.
Evidence:
- Install `libnss-resolve`
- Set /etc/nsswitch.conf to have `hosts: files resolve`
- Try resolving anything, it fails
`strace` of affected process reveals:
`connect(5, {sa_family=AF_UNIX,
sun_path="/run/systemd/resolve/io.systemd.Resolve"}, 42) = -1 EACCES
(Permission denied)`
Run `aa-disable` on affected profile and `strace` it again, it works:
`connect(5, {sa_family=AF_UNIX,
sun_path="/run/systemd/resolve/io.systemd.Resolve"}, 42) = 0`
Note that using `aa-complain` DOES NOT work.
p.s. has this ever worked?
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2051506/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2051506] Re: apparmor blocks libnss-resolve socket
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: apparmor (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2051506
Title:
apparmor blocks libnss-resolve socket
Status in apparmor package in Ubuntu:
Confirmed
Bug description:
Usage of `libnss-resolve` socket is blocked by apparmor.
Evidence:
- Install `libnss-resolve`
- Set /etc/nsswitch.conf to have `hosts: files resolve`
- Try resolving anything, it fails
`strace` of affected process reveals:
`connect(5, {sa_family=AF_UNIX,
sun_path="/run/systemd/resolve/io.systemd.Resolve"}, 42) = -1 EACCES
(Permission denied)`
Run `aa-disable` on affected profile and `strace` it again, it works:
`connect(5, {sa_family=AF_UNIX,
sun_path="/run/systemd/resolve/io.systemd.Resolve"}, 42) = 0`
Note that using `aa-complain` DOES NOT work.
p.s. has this ever worked?
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2051506/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
