[Touch-packages] [Bug 1948752] Re: apparmor is logging too many messages
Ah! The rule ``` audit dbus bus=system, ``` is the problem. It is tagging every dbus match to be audited. You can drop that rule entirely, and just add dbus allow rules as needed, like the first 3 rules. Or you could allow all dbus system bus accesses by dropping the ```audit``` keyword, in which case you could also drop the first 3 dbus rules. Unfortunately you can't do what this rule is trying to do atm, which allow dbus accesses but log the ones we don't know about, while enforcing the other rules. You can get something some what close by putting the profile into complain mode, which will log a message for every unknown access type, but it will also allow all accesses. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1948752 Title: apparmor is logging too many messages Status in Redshift: New Status in apparmor package in Ubuntu: New Bug description: Unfortunately, this bug does not seem to be fixed yet. My syslog is flooded with ALLOWED messages regarding redshift. My system is a Kubuntu 21.04. AppArmor is V. 3.0.0-0ubuntu7.1 Attached you'll find an excerpt from /var/log/syslog for the last 5 minutes. To manage notifications about this bug go to: https://bugs.launchpad.net/redshift/+bug/1948752/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1948752] Re: apparmor is logging too many messages
Unfortunately that didn't made any change. My
/etc/apparmor.d/usr.bin.redshift now looks like follows.
/usr/bin/redshift {
dbus send bus="system"
path="/org/freedesktop/DBus"
interface="org.freedesktop.DBus"
member="{GetNameOwner,StartServiceByName,AddMatch}",
dbus send bus="system"
path="/org/freedesktop/GeoClue2/Manager"
interface="org.freedesktop.DBus.Properties"
member="GetAll",
dbus send bus="system"
path="/org/freedesktop/GeoClue2/Manager"
interface="org.freedesktop.GeoClue2.Manager"
member="GetClient",
# Allow but log any other dbus activity
audit dbus bus=system,
owner @{HOME}/.config/redshift.conf r,
owner /run/user/*/redshift-shared-* rw,
}
(The last three lines where already in that file)
still tons of messages like this one:
[Do Jun 9 23:15:47 2022] audit: type=1420 audit(1654809348.128:59832):
subj_apparmor=unconfined
[Do Jun 9 23:15:47 2022] audit: type=1107 audit(1654809348.128:59833): pid=977
uid=103 auid=4294967295 ses=4294967295 subj=? msg='apparmor="ALLOWED"
operation="dbus_method_call" bus="system" path="/org/freedesktop/DBus"
interface="org.freedesktop.DBus" member="StartServiceByName" mask="send"
name="org.freedesktop.DBus" pid=158627 label="/usr/bin/redshift"
peer_label="unconfined"
exe="/usr/bin/dbus-daemon" sauid=103 hostname=?
addr=? terminal=?'
[Do Jun 9 23:15:47 2022] audit: type=1420 audit(1654809348.128:59834):
subj_apparmor=unconfined
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1948752
Title:
apparmor is logging too many messages
Status in Redshift:
New
Status in apparmor package in Ubuntu:
New
Bug description:
Unfortunately, this bug does not seem to be fixed yet.
My syslog is flooded with ALLOWED messages regarding redshift.
My system is a Kubuntu 21.04.
AppArmor is V. 3.0.0-0ubuntu7.1
Attached you'll find an excerpt from /var/log/syslog for the last 5
minutes.
To manage notifications about this bug go to:
https://bugs.launchpad.net/redshift/+bug/1948752/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1948752] Re: apparmor is logging too many messages
with in the profile block, eg.
profile redshift {
or something similar, add the following rules
dbus send bus="system" path="/org/freedesktop/DBus"
interface="org.freedesktop.DBus"
member="{GetNameOwner,StartServiceByName,AddMatch}",
dbus send bus="system" path="/org/freedesktop/GeoClue2/Manager"
interface="org.freedesktop.DBus.Properties" member="GetAll",
dbus send bus="system" path="/org/freedesktop/GeoClue2/Manager"
interface="org.freedesktop.GeoClue2.Manager" member="GetClient",
I think I got everything that is needed but its possible I missed a couple
cases, also there may be other rules needed not covered by the above logs
after adding the above rules you need to reload the profile.
systemctl reload apparmor
should do it
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1948752
Title:
apparmor is logging too many messages
Status in Redshift:
New
Status in apparmor package in Ubuntu:
New
Bug description:
Unfortunately, this bug does not seem to be fixed yet.
My syslog is flooded with ALLOWED messages regarding redshift.
My system is a Kubuntu 21.04.
AppArmor is V. 3.0.0-0ubuntu7.1
Attached you'll find an excerpt from /var/log/syslog for the last 5
minutes.
To manage notifications about this bug go to:
https://bugs.launchpad.net/redshift/+bug/1948752/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1948752] Re: apparmor is logging too many messages
Which would be? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1948752 Title: apparmor is logging too many messages Status in Redshift: New Status in apparmor package in Ubuntu: New Bug description: Unfortunately, this bug does not seem to be fixed yet. My syslog is flooded with ALLOWED messages regarding redshift. My system is a Kubuntu 21.04. AppArmor is V. 3.0.0-0ubuntu7.1 Attached you'll find an excerpt from /var/log/syslog for the last 5 minutes. To manage notifications about this bug go to: https://bugs.launchpad.net/redshift/+bug/1948752/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1948752] Re: apparmor is logging too many messages
The /usr/bin/redshift profile needs some additional dbus rules. ** Also affects: redshift Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1948752 Title: apparmor is logging too many messages Status in Redshift: New Status in apparmor package in Ubuntu: New Bug description: Unfortunately, this bug does not seem to be fixed yet. My syslog is flooded with ALLOWED messages regarding redshift. My system is a Kubuntu 21.04. AppArmor is V. 3.0.0-0ubuntu7.1 Attached you'll find an excerpt from /var/log/syslog for the last 5 minutes. To manage notifications about this bug go to: https://bugs.launchpad.net/redshift/+bug/1948752/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
